FACADE CODE

Learn Spring Security

Why Spring Security?

Developers write code that works, but they are often unaware of how the vulnerabilities in their code are exploited. Security remains an afterthought or is actively avoided because time-to-market remains the top priority for the business.

DevSecOps calls for shifting security left: implementing security measures as part of the CI/CD process throughout the entire development lifecycle. One such measure is adding automated tests to the CI/CD pipeline to verify the security capabilities of the application.

What does it provide?

Spring Security is a framework that provides the tools needed to implement and verify authentication and authorization. It also provides protection against common attacks and helps to address some of the OWASP Top 10 issues.

As with any framework, you need to know how to use it properly: writing secure code requires awareness and best practices more than tools and frameworks.

What will we do in this course?

Spring Security recommends addressing the following four security concerns in any enterprise application. We will follow a pragmatic approach and apply these four concepts to a pre-built real-time application.

  1. Authentication
  2. Web request security
  3. Service layer security
  4. Domain object instance security

How will we do it?

We will address the above security concerns by implementing the most widely used features of Spring Security with actual code. We will build up the access restrictions step by step on every layer to control who can do what on which resource.

Given the increasingly popular microservice-style architecture, we will limit our discussion to API security rather than MVC application security.

Learn by doing

Reading is nice, but nothing replaces the experience gained by actually practicing. You can practice each lesson in one of the following ways:

  • Apply the concepts yourself using the given code snippets.
  • Download the patch for each lesson and apply it to the code from the previous lesson.
  • Clone the GitHub repository given for each lesson.