You will need previous experience of Java, Web Development and Spring MVC. We have a series of Spring Training courses which cover all of these topics if you need them!
Having problems? Check the errata for this course.
| # | Chapter | Duration | Description |
|---|---------|----------|-------------|
| 1 | Course Overview | 4m 2s | What the course covers and plans for module 2. |
| 2 | Getting started | 49m 38s | We take a standard Spring MVC project and apply security to it. |
| 3 | Form Authentication | 29m 24s | How to set up a login form. |
| 4 | Preserving Usernames on Authentication Failure | 28m 50s | This optional chapter shows how to keep the username on the form if the login fails. This should be easy but Spring doesn't support this "out of the box". |
| 5 | Database Authentication | 39m 47s | We now authenticate against a database table. Note - at this stage the passwords are in cleartext, and very insecure! |
| 6 | Creating Users Programmatically | 45m 42s | How to add users to the database. |
| 7 | BCrypt Password Encoding | 27m 45s | How to store passwords securely, using the industry best-practice of BCrypt. |
| 8 | Preventing Brute Force Attacks | 47m 39s | Often, SHA-256 or (even worse) MD5 is used with a "salt" to encode passwords. This is not recommended, and this chapter explains why. |
| 9 | Tag Library and Preventing Cross Site Request Forgeries (CSRF) | 27m 29s | Support for CSRF protection is "ON" by default; we had to switch it "OFF" early on in the course; it's time now to look at what this does, and why you might need it. |
| 10 | Enabling Transport Layer Security (TLS/SSL) | 20m 44s | It's important to realise that so far, all transmissions to the server have been unencrypted and therefore passwords have been sent in plaintext. This is a brief overview of how to use TLS/SSL in Spring. |
| 11 | Coming Soon | 7m 22s | The next module will feature how to use OAuth (1 and 2), and how to apply security to REST webservices. This is planned for early September 2015. |
| 12 | Bonus Chapter: Standard web.xml | 63m 42s | You might not need Spring Security: you can do security using web.xml. This extra video shows the standard "built in" security and also explains the difference between authentication and authorisation. |
| 13 | Bonus Chapter: Using JavaConfig | 66m 15s | We've copied this chapter from our JavaConfig module, in case you're unable to access that. This chapter covers how to configure Spring Security without XML. Note: this chapter also covers OAuth configuration, which is the subject of our other Spring Security course. |