
Security in Spring Boot REST Web Service Applications


A complete practical case study and tutorial featuring the Spring Security framework.

Filters and configuration

Authentication

JSON Web Tokens (JWT)

Role-based Authorization

In-depth theory

Also:

General Cybersecurity principles and concepts

Cryptography: Encryption, encoding and hashing

Symmetric and Asymmetric (public/private key) encryption

HTTP over SSL/TLS (HTTPS)

Digital Certificates & Public Key Infrastructure (PKI)

TLS Cipher Suites and handshakes

Case study of a Demo App with 2 Spring Boot REST web services, an Angular/TypeScript UI client app and PostgreSQL database(s), which:

Encrypts all communication between browser and server via HTTP over SSL/TLS (HTTPS)

Establishes trust via signed digital certificates (Public Key Infrastructure -- PKI)

Requires valid credentials to log in.

Custom example user/role/resource/action/authority database.

Limits access to resources in web service and client app according to roles / authorities of user account; detailed development of Authorization

Employs JSON Web Tokens (JWTs) as its authorization mechanism.

NOT WebMvc: Does NOT track sessions or JSESSIONID cookies; does not output HTML, login forms etc. (not JSP or Thymeleaf)

Rather, REpresentational State Transfer (REST): Exchanges JSON data payloads with clients

Assumes clients take care of all UI elements, HTML code, CSS, JavaScript etc.

Course Structure

Part 0: Is this Course Right for Me?

Part 1: General Cyber Security Principles

Part 2: Introducing the Demo App and its Components

Part 3: Application Security elements BEFORE adding the Spring Security Framework

Part 4: The Spring Security Framework in our Demo App

Part 5: A Deeper Dive into Spring Security Architecture and Theory