Securing a REST API with OAuth 2.0
Introduction
This course is designed to help you build your applications with the secure foundation of Spring Security, specifically in the context of Spring Boot.
Our Spring experts guide you through building and running a fully functional REST API that manages cash cards for an imaginary company, Family Cash Cards. You can think of a cash card as being very similar to the gift cards that many of us send and receive.
What You Will Learn
By the end of this course, you'll learn to:
- Understand the basics of authentication, authorization, and web application defense
- Identify and evaluate authentication and authorization options
- Secure a REST API using Spring Security's OAuth 2.0 Resource Server support
- Secure Spring MVC endpoints and Spring Data queries using Spring Security primitives
- Test your application with security enabled and accounted for
What You Will Build
In this course's labs, you'll create a REST API that manages cash cards for an imaginary cash company, Family Cash Cards. The application stores cash cards in an in-memory database that can be administered through a GET endpoint and a POST endpoint. This application is based on Spring Boot and uses Spring Security to authenticate the user, authorize each request, and provide defense against common web application vulnerabilities like CSRF.
Hands-On Labs
The labs in this course provide an interactive terminal and editor, so you don't need any specific tools installed on your own machine.
Prerequisites
In order to get the most out of this course, you should have:
- Experience with Java
- Familiarity with Spring Framework and Spring Boot
- Basic knowledge of HTTP
Project-Based
Rather than structuring this course like formal documentation or a textbook, we've approached it as a real-world development project. So what does this mean?
Each lesson is designed to explain a specific Spring Security concept. The lessons have companion labs representing a task in the development process that you may encounter during a real-world project.
Additionally, rather than covering each concept in depth, we'll only cover enough details to complete each task, as well as help you generally understand what's going on "under the hood" in the application. We'll also explain why we're making the choices we do as well as what other options and trade-offs exist.
Let's get started!
Felipe Gutierrez
Staff Engineer
Over 30 years of IT experience, during which he has developed programs for companies in multiple vertical industries, such as government, retail, healthcare, education, and banking. Book Author from Apress. Currently writing the Pro Spring Boot 3rd Edition.
Josh Cummings
Staff Engineer and Spring Security committer
Spring Security committer, Pluralsight author, and juggler.