Effective OAuth2 with Spring Security 5 and Spring Boot

Focused View

Wojciech Lesniak

3:11:56

77 View

00. Course Overview

00. Course Overview.mp4

01:50

01. Spring Security Oauth2 - The New Direction

00. Introduction.mp4

01:43

01. The challenges with Authentication - Authorization in modern applications.mp4

04:03

02. Why tokens.mp4

04:57

03. Introducing Json Web Tokens (JWT).mp4

02:43

04. A journey into Oauth2.mp4

01:53

05. Autherization Code Grant.mp4

04:12

06. Oauth2 is not Authentication.mp4

01:19

07. Why we need OpenId Connect.mp4

03:15

08. What makes OIDC great for Authentication.mp4

05:55

09. OIDC Authorization Code Grant Flow.mp4

01:50

10. Spring Security 5 the new direction.mp4

01:34

02. Server-side Applications - Single Sign-in with Oauth2

00. Introduction.mp4

01:00

01. Registering the client with Facebook and Google.mp4

01:48

02. Sign-in with Google and Facebook.mp4

03:51

03. A peek under the covers at the Architecture.mp4

08:00

04. Spring Boot auto-configuration of Oauth2.mp4

08:04

05. Oauth2 login page.mp4

01:34

06. Automaticaly registering users - AuthenticationSuccessHandler.mp4

01:55

07. Retrieving claims form the Authenticated Principal .mp4

04:53

08. Mapping claims to authorities - GrantedAuthoritiesMapper.mp4

02:16

09. The principal problem.mp4

02:21

10. Customizing Oauth2 user types - CustomUserTypesOAuth2UserService.mp4

02:55

11. Customizing the Oauth2user with a Custom Oauth2userservice.mp4

01:09

12. Module Summary.mp4

00:24

03. Delegating Authentication to an Authorization Server

00. Options for identity management.mp4

00:49

01. Spring Oauth2 Authorization Server.mp4

04:21

02. Authenticating the resource owner.mp4

07:36

03. Outsouring user authentication to our custom autherization server.mp4

02:19

04. A peak under the covers of our Autherization Server.mp4

06:08

05. Introducing Keycloak an out of the box solution for an Autherization Server.mp4

01:40

06. Installing and configuring Keycloak.mp4

03:06

07. Outsourcing client Authentication to Keycloak.mp4

03:08

08. Introducing Identity as a Service (IDaaS) and module wrap up.mp4

01:27

04. Oauth2 in a Client-side Single Page Application

00. The challenges for Oauth2 and public clients.mp4

04:37

01. The new architecture of our SPA.mp4

00:43

02. Configuring our public client in Keycloak.mp4

01:52

03. Securing the resource servers.mp4

03:29

04. Retrieving claims of the Authenticated Principal.mp4

02:30

05. Cross-Origin Resource Sharing (CORS).mp4

02:27

06. Enabling Cross Origin requests in Spring Security.mp4

02:59

07. Module wrap-up and whats next.mp4

01:00

05. Oauth2 for Machine-to-machine Authorization

00. Module Introduction.mp4

02:09

01. Security Challenges with Tokens in Distributed Systems.mp4

03:11

02. Introducing the Client Credentials Grant.mp4

01:19

03. Rethinking the Architecuture.mp4

02:43

04. WebClient vs. RestTemplate.mp4

01:00

05. Token Relay with WebClient.mp4

03:42

06. ServletOAuth2AuthorizedClientExchangeFilterFunction.mp4

05:55

07. Token Relay with RestTemplate.mp4

01:18

08. Configuring Client Credentials in Keycloak.mp4

00:59

09. Client Credentials with WebClient.mp4

04:01

10. Client Credentials Token Refresh Workaround.mp4

01:08

11. Client Credentials Grant via RestTemplate.mp4

02:52

12. Module Wrap-up.mp4

01:29

06. Enhancing with Customizations, Validation, and Exception Handling

00. Module Introduction.mp4

00:56

01. Customizing the authorization request.mp4

02:20

02. Searching for security vulnerabilities.mp4

03:15

03. Performing custom validation of the JWT.mp4

04:03

04. Final thoughts.mp4

01:24

07. Layering Scoped-based Authorization

00. Module Introduction.mp4

01:26

01. Searching for More Security Vulnerabilities.mp4

02:00

02. Scopes vs. Roles vs. Authorities.mp4

02:56

03. Adding Scopes and Roles to Keycloak.mp4

02:41

04. Authorization at the URL.mp4

03:42

05. Mapping Roles and Scopes from Your Token into the Principal.mp4

02:48

06. Securing Your Methods.mp4

02:54

07. HTTPs and Further Learning Oportinitues.mp4

01:14

08. Course Complete Whats Next.mp4

02:56

Description

Securing your application with OAuth2, OIDC and JWT in your application can seem like a daunting task. In this course you will learn how to leverage Spring Security with Spring Boot to quickly and effectively do all the heavy lifting for you.

What You'll Learn?

Securing your application with OAuth2, OIDC and JWT doesn't have to be difficult. In this course, Effective OAuth2 with Spring Security 5 and Spring Boot, you will gain the ability to effectively leverage the framework to quickly and effectively do the heavy lifting for you. First, you will learn the essentials of OAuth2, OpenID Connect and JSON Web Token standards so you can correctly leverage Spring Security to add social sing-in to you existing application. Next, you will discover options on how to implement an Authorization Server so that you can completely decouple user authentication from you application code. Finally, you will explore more advanced topics on how to tailor the framework to your unique security requirements and the various patterns you can leverage to secure distributed systems such as microservices. When you are finished with this course, you will have the skills and knowledge of OAuth2 support in Spring Security needed to leverage OAuth2, OIDC and JWT in modern distributed applications.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Spring Boot

Network Security

Information Security

Wojciech Lesniak

Instructor's Courses

Wojciech is a Technical Lead and Scrum Master. He has over 15 years' experience in software development working in a variety of industries from financial services and online gaming. He has extensive experience with anything Java, Spring framework, Microservices and has a passion for developing secure and scalable applications.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.