COURSE LIST / COURSE BY TECHNOLOGY VENDORS / VMWARE

Spring Security

Course Summary:

This 2-day course offers hands-on experience with the major features of Spring Security, which includes configuration, authentication, authorization, password handling, testing, protecting against security threats, and the OAuth2 support to secure applications. On completion, participants will have a foundation for securing enterprise and microservices applications. Formats • Classroom • Live Online • vFlex-ILT • Private Training

Course Duration: 2 Days

Course Content:

Security Introduction

Need for security
Basic security concepts
Common security vulnerabilities

Spring Security Basics

Introduction to Spring Security
High-level architecture
Overview of Security Context
Spring Security with Spring Boot

Customizing Authentication

Building blocks for authentication
Authentication mechanisms based on user name and password
Other authentication mechanisms
Authentication events

Securing Web Applications

Configuring authorization
Using Access Decisions Manager for authorization
Using Authorization Manager for authorization
Bypassing security

Method Security

Method security architecture
Declarative method security with annotations

Security Testing

Spring Security Testing Support
Security mock annotations and meta-annotations
Using MockMvc to test security

Handling Passwords

Password hashing
Upgrading passwords

(Optional) Protecting Against Common Vulnerabilities

Hardening web applications with security headers
Preventing cross-site request forgery
Encrypting data in transit

OAuth2 and OIDC Concepts

Need for OAuth
Overview of OAuth2 and OIDC
OAuth2 grant types
Types of tokens
Spring Security OAuth2 support and OAuth2 login

Spring Authorization Server

Introduction to Authorization Server
Spring Authorization Server endpoints
Spring Authorization Server configuration

Protecting and accessing resources with OAuth2

Resource server
Using JWT tokens
Using opaque tokens

Configuring an OAuth2 client