Take your programming skills to the next level with our Java e-learning programme

Spring Security Module 2: OAuth2 and REST

featuring OAuth2
  • This course follows on from our Spring Security Module.
  • We use the CRM system built on the Webservices course, and we will convert this into an OAuth provider.
  • A third party website will then become a client of this site.
  • Part of our Spring Training series.

Pre-requisites

You will need to understand the basic concepts of Spring Security, as covered in Module 1. We use REST extensively, although you only need a basic familiarity with it.

Contents - This module runs for around 6 hours and is equivalent to a 3 day live course.

 

Having problems? check the errata for this course.

1

Introduction


21 m 18 s
In this course we will be using the CRM system from the Spring Remoting course. You don't need experience of REST, this chapter will explain how to set the system up.

2

Securing a REST Webservice


44 m 17 s
Adding security to REST is really a case of applying standard Spring Security. We'll use Basic Authentication in this chapter.

3

An Overview of OAuth


41 m 52 s
OAuth is not the easiest to understand - in this chapter a very basic (and simplified) overview of OAuth 2.

4

The Authorization Code Grant Type - Leg 1


32 m 40 s
We will implement a full OAuth 2 process - this is the first section where the user (resource owner) authenticates and authorizes.

5

The Authorization Code Grant Type - Leg 2


32 m 15 s
In Leg 2, we need to authenticate the client

6

The Authorization Code Grant Type - Leg 3


37 m 26 s
And in Leg 3, we finally grant access to the resources

7

The OAuthRestTemplate


22 m 2 s
This template improves the client's code dramatically!

8

Additional Scopes


35 m 53 s
A feature of OAuth is that you can define fine grained scopes - in this chapter we will add a "write" scope.

9

Other Grant Types


41 m 5 s
There are other, less secure grant types available in OAuth. When should you use them? We also implement one of the grant types in our project.

10

HTTPs (TLS/SSL)


55 m 17 s
How to encrypt the traffic using HTTPs. This is hard work but an essential step.

11

Module Summary


4 m 11 s
A preview of what is coming up in Module 3 of this series.

12

Bonus Chapter - JavaConfig for Security


66 m 15 s
This bonus chapter has been borrowed from our JavaConfig module - it shows how to use JavaConfig to configure the security aspects of your application, including OAuth.

Let the Course Come to You

About Us Pricing Frequently Asked Questions Contact Privacy T&Cs Affiliates and Resellers
Facebook Twitter YouTube