spring-boot-security
Spring Security from basic to advanced level.
What is application security all about? Why do I need it?
- Security threats are increasing day by day
- All-day job - looking for loopholes
- Examples of the worst security incidents that cause financial losses
- OWASP
- Antiviruses
- Different levels/layers of security
App security terms - authentication, authorization, roles
- Authentication - Who are you? - Knowledge-based, possession-based, multi-factor (knowledge + possession)
- Authorization - What are you allowed to do? Principal - created after login
- Session hijacking
- CSRF
- DoS attack
What does Spring Security have to offer?
Different characteristics
- Understanding default Spring Security behaviour - Demo
- How Spring Security authentication works
- Authentication & authorization using an in-memory database
- Authentication & authorization using a MySQL database
- Customizing the form login page
- Understanding token-based authentication
- JWT - JSON Web Token - All theory about it
- JWT + Spring Security - Demo Application
- OAuth2
  - What's this all about - Theory
  - OAuth2 + Spring Security - Demo (Authentication with Google/Facebook/GitHub)
  - Custom Auth Server - Client Credentials and password grant
  - Customize Auth Server to generate JWT token
  - Custom Resource Server
  - Token Relay and making requests to the Resource Server using WebClient
- LDAP - All theory about it
- LDAP + Spring Security - Demo
- Password storing mechanism
  - How the password is stored in the DB
  - Different algorithms to secure passwords
- Demo Application
  Sample microservice handling all of this:
  - User creation with default password
  - E-mail and account validation
  - Remember-me
  - Password change
  - Forgot password
  - Security questions
  - User password reset
  - Session management in Spring Security