Spring Security Module 2: OAuth2 and REST

Try for free!

Subscribe and stream all our courses
from just $30.00 per month
Start my free trial

Spring Security Module 2: OAuth2 and REST

featuring OAuth2

This module runs for around 6 hours and is equivalent to a 3 day live course.

  • This course follows on from our Spring Security Module.
  • We use the CRM system built on the Webservices course, and we will convert this into an OAuth provider.
  • A third party website will then become a client of this site.
  • Part of our Spring Training series.
You will need to understand the basic concepts of Spring Security, as covered in Module 1. We use REST extensively, although you only need a basic familiarity with it.

Contents

Having problems? check the errata

Introduction 21m 18s

In this course we will be using the CRM system from the Spring Remoting course. You don't need experience of REST, this chapter will explain how to set the system up.

Preview

Securing a REST Webservice 44m 17s

Adding security to REST is really a case of applying standard Spring Security. We'll use Basic Authentication in this chapter.

Watch

An Overview of OAuth 41m 52s

OAuth is not the easiest to understand - in this chapter a very basic (and simplified) overview of OAuth 2.

Watch

The Authorization Code Grant Type - Leg 1 32m 40s

We will implement a full OAuth 2 process - this is the first section where the user (resource owner) authenticates and authorizes.

Watch

The Authorization Code Grant Type - Leg 2 32m 15s

In Leg 2, we need to authenticate the client

Watch

The Authorization Code Grant Type - Leg 3 37m 26s

And in Leg 3, we finally grant access to the resources

Watch

The OAuthRestTemplate 22m 2s

This template improves the client's code dramatically!

Watch

Additional Scopes 35m 53s

A feature of OAuth is that you can define fine grained scopes - in this chapter we will add a "write" scope.

Watch

Other Grant Types 41m 5s

There are other, less secure grant types available in OAuth. When should you use them? We also implement one of the grant types in our project.

Watch

HTTPs (TLS/SSL) 55m 17s

How to encrypt the traffic using HTTPs. This is hard work but an essential step.

Watch

Module Summary 4m 11s

A preview of what is coming up in Module 3 of this series.

Watch

Bonus Chapter - JavaConfig for Security 66m 15s

This bonus chapter has been borrowed from our JavaConfig module - it shows how to use JavaConfig to configure the security aspects of your application, including OAuth.

Watch
Copyright ©2021 VirtualPairProgrammers.com