spring-boot-security

Spring security from basic to advanced level.

What is application security all about ? Why do I need it?

• Day by day security threats are increasing
• All day job - looking for loop holes
• examples of worst security incidents that cause financial losses
• OWASP
• antiviruses
• different levels/layers of security

App security terms - authentication, authorization, roles,

• Authentication - Who are u ?? - Knowledge bases, possesion based, multi factor- k+p,
• authrization - what you are allowed to do? Principal - login then created
• session hijacking
• csrf
• dos attack

What spring security has to offer??

different characteristics

👉 Understanding default spring security behaviour - Demo

👉 How spring security authentication works

👉 Authenticationa & authorization using In-memory database

👉 Authenticationa & authorization using MySQL database

👉 Customizing form login page

👉 Understanding Token based authentication

👉 JWT - Json Web Token - All theory about it

👉 JWT + Spring Security - Demo Application

👉 OAUTH2

• What's this all about - Theory

• OAuth2 + spring security - Demo (Authentication with google/facebook/github)

• Custom Auth Server - Client Credentials and password grant

• Customize Auth Server to Generate JWT token

• Custom Resource Server

• Token Relay and making request to Resource server using Web Client

👉 LDAP - All theory about it

👉 LDAP + Spring Security- Demo

👉 Password storing mechanism

• how the password is stored in db

• different algorithm to secure password

👉 Demo Application

Sample microservice handling all of this - >

• User creation with default password

• e-mail and account validation

• remember-me

• password change

• forgot password

• security questions

• user password reset

• session management in spring security