Learn Spring Security
The definitive guide to secure your Java application
Why Even Learn About Security?
Robust security for web applications is always a must. But the security landscape has been changing rapidly over the last few years, with REST APIs becoming mainstream, the introduction of OAuth2, single-page apps, two-factor authentication and a lot of other things.
And the security market is huge - Gartner puts the 2015 numbers at 75 billion on the way to 170 billion in 2020 - so there’s no shortage of security work to be done when you know your stuff.
Not having a solid, deep understanding of the current security landscape is no longer an option.
But Why Spring Security?
Spring Security has been getting better as well with the launch of v4 last year and the new Java configuration style as a solid alternative to XML.
Right now in 2016, there's no debate. Spring Security is THE tool to properly and intelligently do security if you're working in Java.
The framework is fully able to handle everything you throw at it - from simple scenarios to highly complex security requirements. There are some OK alternatives, but nothing really comes close.
A Video Course is a fantastic way to teach coding and tactical know-how.
Learn Spring Security Fast
I’m writing and building this course to help you get to a full security education quickly. That's the whole point in going through a course - it's the fast way to learn the material and give you the Spring Security tools you need to secure your system.
Each module contains exhaustive video lessons along with code, lesson notes and resources to help you understand the finer points of using Spring Security.
Each of the 3 classes features a different level of education:
- The Starter Class will give you a solid guide to the fundamentals of the framework and the tactics required to make your MVC application air-tight.
- In the Intermediate Class we go beyond the basics and dive deep into the security of a REST API, password storage and advanced configuration options.
- The Master Class is the fast lane to powerful, advanced implementations. We're going to cover things like a complete two-factor authentication solution, a full ACL implementation, Single Sign On, a ground-up OAuth2 + JWT + proxy security for an API, how to deal with various attack vectors - among other things. This is the one to get for a complete understanding of Spring Security.
I'm creating the Master Class to be THE unique Spring Security education for developers working in Java today.
Why Learn Through This Course?
I’ve been teaching Spring Security for a good number of years now, and I’ve been using it for even longer. The very first course I created (with Packt) was actually a Spring Security (v3) course.
But the main reason why I’m so excited about creating this material is that I'm a heavy Spring Security user. I'm working with the framework day in and day out in my client work. I only teach stuff that I actually practice and use myself, and Spring Security is definitely like that for me.
The advanced modules in the Master Class distill everything I learned throughout many, many security client implementations and show you exactly how things work beyond the simple use cases. It's going to be fun.
The Master Class
The canonical reference for securing a Spring application.
The 15 modules cover everything from the basics of Spring Security in an MVC application to advanced use-cases such as understanding attack vectors, proper password storage and risks, API security with OAuth2 and full Java config.
In addition to the framework guides, we'll also do deep-dives into full working security implementations. We'll do a complete ACL implementation for applications that simply need to go beyond the roles and privileges.
We'll tackle Two-Factor Authentication to add extra security to our apps. We're going to drive that with a soft-token, a hardware token and finally with SMS.
And we'll do implementations of things like Multi-Tenancy, LDAP, Single Sign On and a variety of other scenarios.
This is everything I wish I had access to when I secured my first application with Spring Security.
1. Secure a Simple Spring MVC Application
6 Video Lessons
- 1. Intro to Spring Security
- 2. A Basic Security Java Config
- 3. URL Authorization
- 4. Building a Login Form
- 5. Implementing Logout
- 6. Anonymous “Authentication”
2. A Full Registration Flow
5 Video Lessons
- 1. The basics of a simple Registration flow
- 2. Activate a new account via email
- 3. How to do “I forgot my password” right
- 4. Adding Security Questions
- 5. Password Strength Rules on the Server and on the Client side
3. Remember Me
4 Video Lessons
- 1. A simple Remember Me flow
- 2. Remember Me with Cookie
- 3. Remember Me with Persistence
- 4. Remember Me - the advanced scenarios
4. Spring Security on the Client
5 Video Lessons
- 1. Spring Security JSP tags
- 2. The Authentication Tag
- 3. Displaying the Current User
- 4. The Authorization Tag
- 5. Thymeleaf and Spring Security
5. Spring Security Expressions
4 Video Lessons
- 1. By URL Authorization with Expressions
- 2. In Page Authorization with Expressions
- 3. On Method Authorization with Expressions
- 4. Programmatic Expressions and a custom PermissionEvaluator
6. Password Storage
6 Video Lessons
- 1. Introduction to Storing Passwords
- 2. Using Hashed Passwords (MD5)
- 3. Why Hashing Isn't Enough - Using Salts
- 4. PasswordEncoder and SaltSource
- 5. Key Stretching
- 6. The BCrypt solution
7. Spring Security Advanced Configuration
4 Video Lessons
- 1. Authentication Managers and Providers
- 2. The Security Context
- 3. Plug-In Points into the framework
- 4. Configure Advanced Scenarios
8. Advanced Authentication
7 Video Lessons
- 1. In Memory user storage
- 2. A simple UserDetailsService
- 3. JDBC backed user storage
- 4. Hibernate/JPA user storage
- 5. Setting up multiple authentication providers
- 6. Authentication with OpenID
- 7. X.509 Authentication
9. Advanced Authorization
5 Video Lessons
- 1. FilterSecurityInterceptor and Friends
- 2. The AccessDecisionManager
- 3. Voting
- 4. Access-Decision Strategies
- 5. A custom AccessDecisionVoter
10. Basic REST API Security
4 Video Lessons
- 1. API Security with Basic Authentication
- 2. Digest Authentication in the API
- 3. Using cookies and the session for REST Security?
- 4. HTTPS for the API
11. ACL with Spring Security
4 Video Lessons
- 1. Introduction to ACL and Domain Object Security
- 2. The Data Structure of ACL
- 3. ACL with Spring Security
- 4. Advanced ACL and non-JDBC persistence
12. Advanced REST API Security
5 Video Lessons
- 1. Intro to OAuth2 for the REST API
- 2. Enable and configure OAuth2 with Spring Security
- 3. Tokens, OAuth2 and JWT
- 4. Refreshing a Token
- 5. Understanding CSRF protection
13. OAuth2 Beyond the REST API
4 Video Lessons
- 1. The OAuth2 Implicit Flow for an MVC application
- 2. Confidential Clients and the Client Credentials Flow
- 3. Server Side applications and the Authorization Code Flow
- 4. Spring Social and using third-party OAuth2 providers
14. Two-Factor Authentication
3 Video Lessons
- 1. A Two-Factor implementation using a soft-token (smartphone app)
- 2. Two-Factor with hardware token
- 3. Two-Factor with SMS
15. Advanced Spring Security Scenarios
6 Video Lessons
- 1. Spring Security for a non-Spring application
- 2. Multi-Tenancy with Spring Security
- 3. Spring Session for session management
- 4. SAML with Spring Security
- 5. Spring Security with LDAP
- 6. CAS Authentication and SSO
The Intermediate Class
Go beyond the basics of securing an application with Spring Security.
The 10 modules in this class will guide you to becoming proficient with the framework and being able to adapt it to more complex scenarios.
There's a big difference between using Spring Security in basic scenarios and really securing a production-grade application with it.
1. Secure a Simple Spring MVC Application
6 Video Lessons
- 1. Intro to Spring Security
- 2. A Basic Security Java Config
- 3. URL Authorization
- 4. Building a Login Form
- 5. Implementing Logout
- 6. Anonymous “Authentication”
2. A Full Registration Flow
5 Video Lessons
- 1. The basics of a simple Registration flow
- 2. Activate a new account via email
- 3. How to do “I forgot my password” right
- 4. Doing Security Questions right
- 5. Password Strength Rules on the Server and on the Client side
3. Remember Me
4 Video Lessons
- 1. A simple Remember Me flow
- 2. Remember Me with Cookie
- 3. Remember Me with Persistence
- 4. Remember Me - the advanced scenarios
4. Spring Security on the Client
5 Video Lessons
- 1. Spring Security JSP tags
- 2. The Authentication Tag
- 3. Displaying the Current User
- 4. The Authorization Tag
- 5. Thymeleaf and Spring Security
5. Spring Security Expressions
4 Video Lessons
- 1. By URL Authorization with Expressions
- 2. In Page Authorization with Expressions
- 3. Simple on Method Authorization with Expressions
- 4. Programmatic Expressions and the PermissionEvaluator
6. Password Storage
6 Video Lessons
- 1. Introduction to Passwords
- 2. Using Hashed Passwords (MD5)
- 3. Why Hashing Isn't Enough - Using Salts
- 4. PasswordEncoder and SaltSource
- 5. Key Stretching
- 6. The BCrypt solution
7. Spring Security Configuration
4 Video Lessons
- 1. Authentication Managers and Providers
- 2. The Security Context
- 3. Plug-In Points into the framework
- 4. Configure Advanced Scenarios
8. Advanced Authentication
7 Video Lessons
- 1. In Memory user storage
- 2. A simple UserDetailsService
- 3. JDBC backed user storage
- 4. Hibernate/JPA user storage
- 5. Setting up multiple authentication providers
- 6. Authentication with OpenID
- 7. X.509 Authentication
9. Advanced Authorization
5 Video Lessons
- 1. FilterSecurityInterceptor and Friends
- 2. The AccessDecisionManager
- 3. Voting
- 4. Access-Decision Strategies
- 5. A custom AccessDecisionVoter
10. Basic REST API Security
4 Video Lessons
- 1. API Security with Basic Authentication
- 2. Digest Authentication in the API
- 3. Using cookies and the session for REST Security?
- 4. HTTPS for the API
The Starter Class
Learn the basics of securing an MVC application with Spring Security.
This class is a good place to start using the framework.
1. Secure a Simple Spring MVC Application
6 Video Lessons
- 1. Intro to Spring Security
- 2. A Basic Security Java Config
- 3. URL Authorization
- 4. Building a Login Form
- 5. Implementing Logout
- 6. Anonymous “Authentication”
2. A Full Registration Flow
5 Video Lessons
- 1. The basics of a simple Registration flow
- 2. Activate a new account via email
- 3. How to do “I forgot my password” right
- 4. Adding Security Questions
- 5. Password Strength Rules on the Server and on the Client side
3. Remember Me
4 Video Lessons
- 1. A simple Remember Me flow
- 2. Remember Me with Cookie
- 3. Remember Me with Persistence
- 4. Remember Me - the advanced scenarios
4. Spring Security on the Client
5 Video Lessons
- 1. Spring Security JSP tags
- 2. The Authentication Tag
- 3. Displaying the Current User
- 4. The Authorization Tag
- 5. Thymeleaf and Spring Security
5. Spring Security Expressions
4 Video Lessons
- 1. By URL Authorization with Expressions
- 2. In Page Authorization with Expressions
- 3. Simple on Method Authorization with Expressions
- 4. Programmatic Expressions and the PermissionEvaluator
Starter Class
Release Date: April 6th 2016
5 Modules, 24 Lessons
Learn the basics of securing an MVC application with Spring Security.
99$ 59$
Master Class
Release Date: July 20th 2016
15 Modules, 72 Lessons
The canonical reference for securing a Spring application.
The 15 modules cover everything from the basics of Spring Security in an MVC application, through API security and to the most advanced scenarios you'll need in the current security landscape.
299$ 179$
Intermediate Class
Release Date: May 25th 2016
10 Modules, 50 Lessons
Go beyond the basics of securing an application with Spring Security and learn to use the framework in more complex scenarios.
199$ 119$
Do you have a team who would benefit from taking the course? No problem: we have a group license as well.
Money Back Guarantee
I know you'll get a lot of value out of Learn Spring Security and I strongly believe in the quality of the material. I also know that you putting these tactics to work in your application can mean the difference between sub-par security and an air-tight application.
That's why the course has a 30-Day Money Back Guarantee - I want you to experience the material with no hesitation.
If you’re not satisfied, just contact me within 30 days and I’ll refund your purchase. No questions asked.
FAQ
Does the Master Class include the other classes?
Yes it does - it includes all modules. When you purchase the Master Class, you'll get access to everything and you don't need to get anything else.
How do I watch the lessons? Can I watch at my own pace?
Yes! When you purchase a class you’ll be enrolled into your course account and you'll have immediate access to all modules and lessons within.
The platform will keep track of your progress as you finish each module so you can pick up where you left off at any time.
Will I have lifetime access to the course or is it just for a limited time?
Access never goes away. Once you purchase any class, you have access to it indefinitely. It does not expire, there is no time limit, and you can re-watch the lessons as much as you like.
Do I have to wait until the Master Class goes live to get access?
No - you'll get access to modules as I release them - you won't have to wait for material that's already available.
Can I share this with my team?
Sure - there's a group license option for the Master Class - for 10 individual student accounts.
Will there be code I can download/use/follow along with?
Yes. We're going to be building a couple of applications during the course, and the code will be fully available both on GitHub as well as for download.
Can I see a full lesson before deciding?
Of course. Just as with my previous course, I'll publish some full lessons and make them available before launch.
Will the classes cover the very basics of Spring?
No, this is not an "Intro to Spring" type of course and it's not going to cover the very basics - you'll need some basic knowledge of the core framework.
What version of Spring Security is the course based on?
The code is using Spring Security 4.0 and Spring 4.2. I am also keeping a close eye on the official JIRA for any issues that may be relevant in the next version.
Is Spring Boot a requirement?
No, not for the most part. There will be some Spring Boot specific lessons, but these will be extra and specifically marked.
The general approach is simple - you won't need Boot, but if you want to learn about it and use it, there will be plenty of Boot lessons as well.