Learn Spring Security Course - Baeldung

10/3/2021 Learn Spring Security Course | Baeldung
Learn Spring Security

The de nitive video guide to secure your Java
application
Why Learn About Security?

Robust security for web applications is and has always been a must. But the security
landscape has been changing rapidly over the last few years, with REST APIs
becoming mainstream, the huge adoption and evolution of OAuth2, single-page
apps (SPAs), two-factor authentication (2FA) and so many other security
requirements.
And the security market is huge - Gartner puts the numbers at 124 billion in 2019 on
the way to 140+ billion now, in 2020. Security work to be done well is abundant and
very well paid.
Simply put, not having a solid, deep understanding of the current security landscape
is no longer a good option.
https://www.baeldung.com/learn-spring-security-course 1/28
Why Spring Security?

Spring Security has been getting better as well, with the launch of 5.0, 5.1 and now
5.2, full Java con guration with lambdas, fantastic Boot integration, an entirely new
OAuth2 stack, and support for pretty much any security mechanism you need.
Right now, in 2020, there's no debate. Spring Security is THE framework to

properly and intelligently do security if you're working in Java.
The framework is fully able to handle everything you throw at it - from simple
scenarios to highly complex security requirements. There are some OK alternatives,
but nothing really comes close.
A Video Course is the best way you'll learn coding

and tactical know-how.
Learn Spring, step by step

I’ve created this course to help you get to a full security education quickly. That's the
whole point in going through a course - it's the fast way to learn the material and give
you the Spring Security tools you need to secure your system.
Each module contains exhaustive video lessons along with code, lesson notes and
resources to help you put the framework to use immediately in your app.
Each of the 3 classes features a di erent level of education:
The Master Class

This is the full material - the comprehensive, start-to- nish path from starting out with
security to a real-world, solid understanding of how to use Spring Security 5 in
practice.
The deep-dives focus on implementations such as a complete OAuth2 from the
ground-up, Two-Factor authentication, a full ACL system, Single Sign On, a complete
registration mechanism, how to deal with various attack vectors - and many others.
The Certi cation Class

This class is simple - it contains the full material from the Master Class, plus
downloads and multiple-choice questions - to help you get the most out of the
material.
When you're done, you're going to get a "Certi cate of Completion" for the
course.
This is generally where professional developers nd the greatest value.
The Coaching Class

This is where we go beyond the course material, with a year-long group
Coaching Program - where I'll take a small group of students through both the
course but also their own speci c implementations.
Past sessions and workshops are, of course, recorded and available.
I've created the Master Class to be THE reference

Spring Security education
if you're working with Java today
Why Learn From Me?

I'm Eugen, and I'll be your instructor through this course.
I’ve been teaching Spring Security quite extensively in my own consulting work for
over a decade now. I've helped teams implement (most commonly re-implement)
security in their systems over a ridiculous number of Spring versions. And I've been
teaching security throughout most of that time.
The lessons here came out of that experience, with the core goal of showing you the
ins and outs of the security framework, and give you a clear map of how to use it in
practice (especially in the more advanced modules).
To be clear - you can't get there by just watching videos - you'll need to code, along
with me, through the material. The videos and the multiple-choice questions are your
reference to come back to - whenever you need them.
The course is amazing. I'm not really a junior regarding the Spring framework.
I decided to go through all your materials, even the ones focused on beginners,
though I’m not a beginner myself.
I try to apply what I’ve learned in live projects that I'm working on and improve my
coding skills by using your course. The only problem that I have is time, but step by
step I’m going through all your materials. Sometimes I only go through the lesson I
need at that moment.
I recommend your course to anyone who might need it - my colleagues, friends, and
fellow students. You did a great job with this course. Thank you for that!
- Alexandru-Bogdan Galusca, Software Engineer at Miracle A/S
The Master Class
The canonical reference for securing a Spring application.

The 20 modules, with over 13 hours of video material, cover everything from the
basics of Spring Security in both an MVC application and a REST API, to advanced
deep-dives into fully working security implementations.
We'll do a complete ACL implementation for applications that simply need to go
beyond roles and privileges, we'll tackle 2FA for extra security and we'll focus on
Multi-Tenancy, LDAP, Single Sign On and a wide variety of other scenarios.
And, of course, we'll focus on OAuth - speci cally on the new OAuth2 stack in
Spring Security 5 - with almost half of the course dedicated to it.
This is everything I wish I had access to when I secured my rst application
with Spring Security.
Without
PPP:
$397
Get (https://courses.baeldung.com/purchase?
access product_id=1547671&coupon_code=uOTin)
for
$277.90
→
I support Parity Purchasing Power (PPP) on my courses, as I want to make sure

they're a ordable for every developer around the world. The price above has
already been adjusted.
1. Secure a Simple Spring MVC Application
6 VIDEO LESSONS - 49 MINUTES

1. Intro to Spring Security
2. A Basic Security Java Con g
3. URL Authorization (Preview lesson
(https://courses.baeldung.com/courses/learn-spring-security-core-the-master-
class/lectures/11985891))
4. Building a Login Form
5. Implementing Logout
6. Anonymous “Authentication”
2. A Full Registration Flow

1. A Simple Registration Flow
2. Authentication using Real Users
3. Activate a New Account via Email
4. Deal with “I forgot my password”
5. Doing Security Questions Right
6. Ensure Password Strength during Registration
3. Remember Me
1. A Simple Remember Me Flow (Preview lesson
2. Remember Me with Cookie
3. Remember Me with Persistence (Preview lesson
4. Spring Security on the Client
1. Spring Security with JSP
2. The Authentication Tag and Displaying the Current User
3. Spring Security with Thymeleaf
4. The Authorize Tag
5. Spring Security Expressions
1. By URL Authorization with Expressions
2. On-method Authorization with Expressions
3. In-page URL Authorization with Expressions
4. Programmatic Expressions and a custom PermissionEvaluator
6. Password Storage
1. Introduction to Storing Passwords
2. Hashing Passwords (MD5 and SHA-256)
3. Why Hashing Isn't Enough - Using Salts
4. Key Stretching
5. The bcrypt Solution
7. Spring Security Con guration
1. Breaking Down the Authentication Flow
2. Run As a Di erent User
3. The Security Context
4. Con gure the Filter Chain
8. Advanced Authentication
1. A Custom Authentication Provider
2. Multiple Providers and the Authentication Manager
3. In-Memory, JDBC and Hibernate/JPA User Storage
4. Tracking Logged-in Users
9. Advanced Authorization
1. How Authorization Works
2. The Topology of Roles and Privileges
3. Secure Method Invocations with AOP
4. A Custom AccessDecisionVoter (Preview lesson
l /l t / 8 6))
10. Basic REST API Security

1. The Basics of API Security
2. Basic Authentication for the API
3. Certi cates and HTTPS for Tomcat
11. ACL with Spring Security

1. Introduction to ACL and Domain Object Security
2. The Data Structure of ACL
3. ACL with Spring Security
12. Two-Factor Authentication
1. A Simple Two-Factor Implementation with a Soft Token (Preview lesson
2. A Two-Factor Implementation with SMS
13. Advanced Security Scenarios
1. Spring Security for a non-Spring Application
2. Multi-Tenancy with Spring Security
3. Session Management with spring-session

4. Spring Security with LDAP
14. Reactive Security
1. A Basic Reactive Security Example
2. Reactive Method Security
3. WebFlux Form Login (new)
OAuth Due Date: February 2021
1. Intro to OAuth2 and the OAuth2 Roles
4 VIDEO LESSONS
1. Intro to OAuth2 and the OAuth2 Roles (theory)
2. Picking the Right OAuth Grant Type/Flow to Use (theory)
3. The State of OAuth2 in Spring Security 5 (theory)
4. Setting up the Project
2. The Basics of OAuth2 (New Stack)
5 VIDEO LESSONS
1. The Authorization Code Flow (theory)
2. The Authorization Server with Keycloak
3 The New OAuth2 Client Support
3. The New OAuth2 Client Support
4. The New Resource Server Support
5. Tokens, JWT and the New Stack
3. OAuth2 Beyond the Basics - The Resource Server (New

Stack)
3 VIDEO LESSONS
1. Basic Authorization with OAuth2
2. Verify/Validate Claims from the JWT
3. Accessing JWT Bearer Token Attributes
4. OAuth2 Beyond the Basics - The Client (New Stack)
3 VIDEO LESSONS
1. New OAuth2 Social Login
2. Refreshing a Token
3. Testing OAuth2 Clients
5. OAuth2 Beyond the Basics - Deep-Dives (New Stack)
7 VIDEO LESSONS
1. OAuth2 and SPAs (theory)
2. OAuth2 and SPAs (implementation)
3. Exploring JWS with OAuth2
4. Testing OAuth2 with REST-assured
5. OAuth2 and OpenID Connect
6. The Client Credentials Flow

7. The Legacy Stack Authorization Server
6. Microservices, Spring Security and OAuth2 (New Stack)
WORKSHOP
1. OAuth Security Patterns in a Microservice Application
2. Sharing Principal Information in Microservices
The Certi cation Class

This Class contains the same material as the Master Class, but goes beyond
the core material with:
multiple-choice questions in each lesson to make sure you fully understood

the material
a Certi cate of Completion (example
(https://s3.amazonaws.com/baeldung.com/LSS-Certi cate.jpg))
the download ability for all video lessons - to help you learn o ine
Of course, if you have any questions about the material, ping me directly here, on
chat, or over email.
Without
PPP:
$497
Get (https://courses.baeldung.com/purchase?
access product_id=1547673&coupon_code=uOTin)
for
$347.90
→
I support Parity Purchasing Power (PPP) on my courses, as I want to make sure

they're a ordable for every developer around the world. The price above has already
been adjusted.
Master Class
The canonical reference to secure a web

application.
https://www.baeldung.com/learn-spring-security-course ll d l 16/28
All 20 Modules
81 Video Lessons
Without
PPP:
$397
(https://courses.baeldung.com/purchase?
Get product_id=1547671&coupon_code=uOTin)
Access
→
$277.90
Certi cation Class
The Class includes the Master Class

material, exercises, downloads and the
Certi cate of Completion
All 20 Modules
81 Video Lessons
+ Exercises in Each Lesson
+ Full Downloads for All Videos
Without
PPP:
$497
Access
→
$347.90
Coaching Class
The Class includes the Certi cation Class,

3 Workshops and 12 Group Coaching Calls
All 20 Modules
81 Video Lessons
+ Exercises in Each Lesson
+ Full Downloads for All Videos
All 3 Live Workshops

(https://gumroad.com/l/all-in-one-
workshops) (2+ hour events)
12 Group Coaching Calls
Without
PPP:
$697
Access
→
$487.90
I support Parity Purchasing Power (PPP) on my courses, as I want to make sure they're
a ordable for every developer around the world. The price above has already been
adjusted.
If you're looking to get both this course and Learn Spring (/learn-spring-
course) or REST With Spring (/rest-with-spring-course),
have a look at the Bulk Packages (/all-bulk-courses)
Do you have a team who would bene t from taking the course?
(/learn-spring-security-course#table)Here are our team licenses → (/learn-
spring-security-for-teams)
30-Day Money Back Guarantee

I believe strongly in the quality of the course material to teach you the fundamentals
of coding in Spring. I've put a lot of work and care into these lessons and hope you're
going to use it fully and up your Spring game.
I con dently back all classes with a 30-Day Money Back Guarantee. I want you to
dive in deep and experience the full wealth of this resource without hesitation.
If the mateial isn't a good t, just contact me within 30 days of purchase, and ask for a
full refund for any single course package.
Eugen is a very knowledgeable teacher and communicates his material in a

clear and concise manner. I am self-taught in Spring and a semi-ok to good Java
developer but found the barrier to entry to learn Spring too high.
I’ve saved myself hundreds of hours of research and learning e ort by taking
his courses. The material is easy to follow and broken up into appropriate
lengths allowing for timely progress. The course also can be used as reference
material on the subject matter allowing you to quickly jump in and explore a
given topic. The courses are worth every cent!
- Thomas Sødring, Associate Professor at Oslo and Akershus University

College of Applied Sciences
“ The lessons are practical and easy to follow and the structure of
the course allows you to watch the videos in one go, or pick
individual topics any time you want. Some previous experience
ith S i i
https://www.baeldung.com/learn-spring-security-course d d b t I thi k th t’ t b t df 22/28
with Spring is needed but I think that’s to be expected from an
advanced course..
Alexander Fridlund, Consultant and owner Visegue Solutions AB
“ I got a lot out of the course, especially the registration with email
validation, two factor authentication and how to use the
framework interfaces. I was actually able to apply the knowledge
in a project for my client, so I’d de nitely recommend the course to
anyone wanting to learn about Spring Security.
Li Zhang, Senior Software Engineer at Grant Thornton LLP
“ I have several years of experience with Java and REST, and I am

now working on a project that makes heavy use of Spring and
OAuth2. Because initially I was not involved in it, a lot of Spring
aspects have been hard work for me. This course has given me a
better knowledge of Spring and showed really good examples of
how to test.
John Reah, Head of Software Engineering at HTK
“ The great combination of theory and practice turned this video

course into a real workshop. With all the practical knowledge and
live examples, I’ve not only learned a lot but also systematized my
Spring knowledge.
Maciej Scislowski, Senior Java Consultant
“ I went through the course step by step and I’ve been using it in
many ways ever since. I like the combination of theory and real-life
implementation - that helped me solve many practical problems
in my daily work.
Bernd Fischer, CTO at MindApproach GmbH
“ The course is very practical and shows how things can be done in
production-grade code. The fact that the lessons are video-based
with transcripts and code projects for each step makes the course
very accessible. It requires literally only a few minutes between
buying the course and following the rst lessons.
Bavo De Ridder, IT Solution Architect at VDAB

“ Thanks for putting this togerher. I greatly appreciate the great

lesson's pace - they're not dry or boring. The conttent is well worth
it - industry-standard stu , and used throughout enterprises and
start-ups alike. It'd be hard to gather this much information and
detail even after years of experience
Rob Anhart, Senior Professional Services Engineer at Netskope
“ I knew what authentication and authorization were and the basic

methodologies for implementing them in an application. What I
seriously lacked was the knowledge of what was going on behind
the scenes. The videos really helped me understand what is
happening under the hood and truly customize Spring Security to
t my needs.
Timothy Schmiandle, Engineering Team Lead at Finicity
“ The implementation of best security practice for production grade

apps is a real mine eld. This course has been an invaluable
resource in helping us with our web application security. There are
dozens of toy Spring Security examples on the web, but we really
needed one which showed us what a production grade
implementation looks like
implementation looks like.
Leon Roy, CEO at Brring
The most common questions, answered --> (/learn-spring-security-

faq)
Support and Privacy
ACCOUNT LOGIN (https://sso.teachable.com/secure/22136/users/sign_in?)

PRIVACY POLICY (/privacy-policy)
TERMS OF SERVICE (/terms-of-service)
The Learn Spring Course
PRICING
MASTER CLASS
CERTIFICATION CLASS
FAQ(/learn-spring-security-faq)
Free Sample Lessons
URL AUTHORIZATION (https://courses.baeldung.com/courses/learn-spring-security-core-the-master-class/lectures/11985891)
A SIMPLE REMEMBER ME FLOW (https://courses.baeldung.com/courses/learn-spring-security-core-the-master-

class/lectures/11985951)
REMEMBER ME WITH PERSISTENCE (https://courses.baeldung.com/courses/learn-spring-security-core-the-master-
A CUSTOM AccessDecisionVoter (https://courses.baeldung.com/courses/learn-spring-security-core-the-master-
A SIMPLE TWO-FACTOR IMPLEMENTATION WITH A SOFT TOKEN (https://courses.baeldung.com/courses/learn-spring-security-
core-the-master-class/lectures/11985946)

Learn Spring Security Course - Baeldung

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Learn Spring Security Course - Baeldung

Uploaded by

Copyright:

Available Formats

10/3/2021 Learn Spring Security Course | Baeldung

Learn Spring Security

Why Learn About Security?

Why Spring Security?

Right now, in 2020, there's no debate. Spring Security is THE framework to

A Video Course is the best way you'll learn coding

Learn Spring, step by step

Each of the 3 classes features a di erent level of education:

The Master Class

The Certi cation Class

This is generally where professional developers nd the greatest value.

The Coaching Class

I've created the Master Class to be THE reference

Why Learn From Me?

- Alexandru-Bogdan Galusca, Software Engineer at Miracle A/S

The Master Class

The canonical reference for securing a Spring application.

I support Parity Purchasing Power (PPP) on my courses, as I want to make sure

1. Secure a Simple Spring MVC Application

6 VIDEO LESSONS - 49 MINUTES

2. A Full Registration Flow

6 VIDEO LESSONS - 50 MINUTES

4. Spring Security on the Client

5. Spring Security Expressions

7. Spring Security Con guration

10. Basic REST API Security

11. ACL with Spring Security

3 VIDEO LESSONS - 35 MINUTES

12. Two-Factor Authentication

13. Advanced Security Scenarios

3. Session Management with spring-session

14. Reactive Security

OAuth Due Date: February 2021

1. Intro to OAuth2 and the OAuth2 Roles

2. The Basics of OAuth2 (New Stack)

3. OAuth2 Beyond the Basics - The Resource Server (New

4. OAuth2 Beyond the Basics - The Client (New Stack)

5. OAuth2 Beyond the Basics - Deep-Dives (New Stack)

6. The Client Credentials Flow

6. Microservices, Spring Security and OAuth2 (New Stack)

The Certi cation Class

multiple-choice questions in each lesson to make sure you fully understood

I support Parity Purchasing Power (PPP) on my courses, as I want to make sure

The canonical reference to secure a web

OAuth Due Date: February 2021

Certi cation Class

The Class includes the Master Class

+ Exercises in Each Lesson

+ Full Downloads for All Videos

OAuth Due Date: February 2021

The Class includes the Certi cation Class,

+ Exercises in Each Lesson

+ Full Downloads for All Videos

All 3 Live Workshops

12 Group Coaching Calls

OAuth Due Date: February 2021

30-Day Money Back Guarantee

Eugen is a very knowledgeable teacher and communicates his material in a

- Thomas Sødring, Associate Professor at Oslo and Akershus University

Alexander Fridlund, Consultant and owner Visegue Solutions AB

Li Zhang, Senior Software Engineer at Grant Thornton LLP

“ I have several years of experience with Java and REST, and I am

John Reah, Head of Software Engineering at HTK