Securing a REST API with OAuth 2.0

Beginner
27 Lessons
5h 13m

In this course, you'll learn how to secure a Spring Boot REST API with Spring Security and OAuth 2.0. From leveraging Spring Security defaults, JWT-based authentication and authorization, to using Authorization Servers, you'll learn the best practices for securing your APIs, and implement these best practices in our hands-on labs.

What you'll learn

Spring Security has your back

From security-first defaults to unlimited customization, Spring Security is the most powerful package for securing your Spring Boot API with OAuth 2.0. But how do you actually use Spring Security, and how do you know when not to configure anything at all and just let Spring Security do it for you?

In this course you'll learn:

  • The security risks of an unsecured Spring Boot API
  • How to leverage Spring Security's default settings
  • How to add OAuth 2.0 to your app
  • How to integrate with an Authorization Server
  • And, of course, how to write automated tests for everything!

Before you begin

Course Prerequisites

This course is designed for developers who are new to Spring Security. We recommend having the following knowledge or experience before getting started:


Course Outline
  • Module 1: Secure Defaults
  • Module 2: Authentication
  • Module 3: Authorization

Course Outline

Introduction

Learn what you will learn.

Article
5m
Lab: The Unsecured API

Learn how dangerous an unsecured REST API can be for your application.

Lab
5m
Secure Defaults

Learn how simply adding Spring Security to your project puts you on the path to a more secure application.

Article
10m
Lab: Spring Security's Defaults

Secure our application with a couple of lines of configuration.

Lab
20m
Adding Authentication

Get started with Spring Security authentication.

Article
5m
Limits of HTTP Basic

This lesson covers the limits of HTTP Basic authentication, showing why it is not suitable for many production REST APIs.

Article
5m
OAuth 2.0 and JWT

You down with JWT? Yeah, you know me!

Article
10m
Lab: Adding OAuth 2.0 Bearer JWT Authentication

Implement JWTs in our Cash Card application.

Lab
5m
Accessing Authentication in Spring MVC

Implement secure and personalized features based on the user's authentication details in your Spring MVC application.

Article
10m
Lab: Accessing Authentication in Spring MVC

Learn the many ways you can access Spring Security's authentication information in a Spring Boot app.

Lab
30m
The Big Picture

The heart of Spring Security is still beatin': the Spring Security Filter Chain

Article
10m
Accessing Authentication Anywhere

Authentication everything everywhere all at once.

Article
10m
Lab: Accessing Authentication Anywhere

Understand and test how you can access the authentication context anywhere in your Spring Boot application.

Lab
20m
Validate Claims

Learn more about customizing the authentication process, specifically regarding validating JWT claims.

Article
10m
Lab: Validate Claims

Learn how to validate JWT claims programmatically as well as with Spring Boot properties.

Lab
25m
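The two routes the lab refers to, shown here as an added example and not as course code. Programmatically, a custom JwtDecoder bean combines Spring Security's default validators (expiry, not-before and issuer) with a JwtClaimValidator that rejects any token whose aud claim does not name this API. The issuer URL, the JWK Set path and the audience value "cashcard" are assumptions for illustration, not values taken from the course.

```java
// Added example (not from the course): a JwtDecoder that validates the
// issuer, the time-based claims and the audience of incoming bearer tokens.
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimNames;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

@Configuration
public class JwtValidationConfig {

    // Assumed values: the authorization server this API trusts and the
    // audience it expects to find in every token.
    private static final String ISSUER = "https://issuer.example.com";
    private static final String EXPECTED_AUDIENCE = "cashcard";

    @Bean
    JwtDecoder jwtDecoder() {
        // Signature verification against the issuer's JWK Set (path assumed).
        NimbusJwtDecoder decoder = NimbusJwtDecoder
                .withJwkSetUri(ISSUER + "/oauth2/jwks")
                .build();

        // Spring Security's defaults: exp and nbf (with clock skew) plus iss == ISSUER.
        OAuth2TokenValidator<Jwt> defaults = JwtValidators.createDefaultWithIssuer(ISSUER);

        // Custom rule: a token minted for some other API must not be accepted here,
        // even if it is correctly signed and issued by a trusted issuer.
        OAuth2TokenValidator<Jwt> audience = new JwtClaimValidator<List<String>>(
                JwtClaimNames.AUD,
                aud -> aud != null && aud.contains(EXPECTED_AUDIENCE));

        // All validators must pass; a failure surfaces as an authentication error.
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(defaults, audience));
        return decoder;
    }
}
```

The property-based equivalent in application.properties is spring.security.oauth2.resourceserver.jwt.issuer-uri for the issuer check and, from Spring Boot 3.1, spring.security.oauth2.resourceserver.jwt.audiences for the audience check. The programmatic form is what you reach for when the rule is anything more than an equality test on a standard claim.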
Processing Failures

Learn how Spring Security handles authentication failures.

Article
10m
Lab: Processing Failures

You'll update the Cash Card application to process authentication failures and create a custom authentication entry point.

Lab
20m
Authorization Models Overview - Request vs. Method

Learn the difference between request and method authorization, where they overlap, and when one outshines the other.

Article
10m
OAuth 2.0 Scopes

Learn how authorization is represented in OAuth 2.0 and how that maps to Spring Security.

Article
10m
Adding Request Authorization

Salt and pepper aren't the only things that can be coarse-grained!

Article
10m
Lab: Adding Request Authorization

Practice adding coarse-grained request authorization rules to the Cash Card application.

Lab
10m
Adding Method Authorization

Learn how and where method authorization wins out over request authorization.

Article
10m
Lab: Adding Method Authorization

Practice adding fine-grained method authorization to the Cash Card application.

Lab
10m
Adding Data Authorization

Learn where and when data authorization works best over request and method authorization.

Article
10m
Lab: Adding Data Authorization

In this lab you'll SpEL out a query for data authorization!

Lab
10m
Adding Delegated Authorization

Learn where and when to delegate authorization to an authorization server.

Article
10m
Lab: Connecting to an Authorization Server

Run and connect to a real authorization server right inside our hands-on lab environment!

Lab
10m