Description
A complete practical case study and tutorial featuring the Spring Security framework.
Filters and configuration
Authentication
JSON Web Tokens (JWT)
Role-based Authorization
In-depth theory
Also:
General Cybersecurity principles and concepts
Cryptography: Encryption, encoding and hashing
Symmetric and Asymmetric (public/private key) encryption
HTTP over SSL/TLS (HTTPS)
Digital Certificates & Public Key Infrastructure (PKI)
TLS Cipher Suites and handshakes
Case study of a Demo App with 2 Spring Boot REST web services, an Angular/Typescript UI client app and PostGreSQL database(s), which
Encrypts all communication between browser and server via HTTP over SSL/TLS (HTTPS)
Establishes trust via signed digital certificates (Public Key Infrastructure — PKI)
Requires valid credentials to log in.
Custom example user/role/resource/action/authority database.
Limits access to resources in web service and client app according to roles / authorities of user account; detailed development of Authorization
Employs JSON Web Tokens (JWTs) as its authorization mechanism.
NOT WebMvc: Does NOT track sessions or JSESSONID cookies; does not output HMTL, login forms etc. (not JSP or Thymeleaf)
Rather, REpresentational State Transfer (REST): Exchanges JSON data payloads with clients
Assumes clients take care of all UI elements, HTML code, css, Javascript etc.
Course Structure
Part 0: Is this Course Right for Me?
Part 1: General Cyber Security Principles
Part 2: Introducing the Demo App and its Components
Part 3: Application Security elements BEFORE adding the Spring Security Framework
Part 4: The Spring Security Framework in our Demo App
Part 5: A Deeper Dive into Spring Security Architecture and Theory
