Securing a REST API with OAuth 2.0
In this course, you'll learn how to secure a Spring Boot REST API with Spring Security and OAuth 2.0. From leveraging Spring Security defaults, JWT-based authentication and authorization, to secure integrations, you'll learn the best practices for securing your APIs, and implement these best practices in our hands-on labs.
What you'll learn
Spring Security has your back
From security-first defaults to unlimited customization, Spring Security is the most powerful package for securing your Spring Boot API with OAuth 2.0. But how do you actually use Spring Security, and how do you know when not to configure anything at all and just let Spring Security do it for you?
In this course you'll learn:
- The security risks of an unsecured Spring Boot API
- How to leverage Spring Security's default settings
- How to add OAuth 2.0 to your app
- How to work with integrations securely
- And, of course, how to write automated tests for everything!
Before you begin
Course Prerequisites
This course is designed for developers who are new to Spring Security. We recommend having the following knowledge or experience before getting started:
Course Outline
- Module 1: Secure Defaults
- Module 2: Authentication
- Module 3: Authorization
- Module 4: Integrations
Lab: The Unsecured API
Learn how dangerous an unsecured REST API can be for your application.
Secure Defaults
Learn how simply adding Spring Security to your project puts you on the path to a more secure application.
Lab: Spring Security's Defaults
Secure our application with a couple of lines of configuration.
Adding Authentication
Get started with Spring Security authentication.
Limits of HTTP Basic
This lesson covers the limits of HTTP Basic authentication, showing why it is not suitable for many production REST APIs.
Lab: Adding OAuth 2.0 Bearer JWT Authentication
Implement JWTs in our Cash Card application.
Accessing Authentication in Spring MVC
Implement secure and personalized features based on the user's authentication details in your Spring MVC application.
Lab: Accessing Authentication in Spring MVC
Learn the many ways you can access Spring Security authorization information in a Spring Boot app.
The Big Picture
The heart of Spring Security is still beatin': the Spring Security Filter Chain
Accessing Authentication Anywhere
Authentication everything everywhere all at once.
Coming Soon: Lab - Accessing Authentication Anywhere
Understand and test how you can access the authentication context anywhere in your Spring Boot application.
Validate Claims
Learn more about customizing the authentication process, specifically regarding validating JWT claims.
Coming Soon: Lab - Validate Audience
Learn how to validate JWT claims programmatically as well as with Spring Boot properties.
Processing Failures
Learn how Spring Security handles authentication failures.
Coming Soon: Lab - Processing Failures
You'll update our Cash Card application to process authentication failures, and create a custom authentication entry point.
Authorization Models Overview - Request vs. Method
Learn the difference between request and method authorization, where they overlap, and when one outshines the other.
OAuth 2.0 Scopes
Learn how authorization is represented in OAuth 2.0 and how that maps to Spring Security.
Adding Request Authorization
Salt and pepper aren't the only things that can be coarse-grained!
Adding Method Authorization
Learn how and where method authorization wins out over request authorization.
Adding Data Authorization
Learn where and when data authorization works best over request and method authorization.