Autoplay
Autocomplete
Previous Lesson
Complete and Continue
Learn Spring Security Core: The Master Class
Module 0 - Before you Start
Course Introduction
Mindset and How to Go Through the Course Material
The Project in your IDE
How I keep the course updated
Course Changelog
Troubleshooting and How to Ask for Support
Module 1: Secure a Simple Spring MVC Application (~ 3 hours)
Lesson 1: Intro to Spring Security (6:45)
Lesson 2: A Basic Security Java Config (9:55)
Lesson 3: URL Authorization (10:32)
Lesson 4: Building a Login Form (9:48)
Lesson 5: Implementing Logout (7:14)
Lesson 6: Anonymous “Authentication” (5:01)
Lesson 7: Overview of Spring Security Objects (text-only)
Module 2: A Full Registration Flow (~ 2.5 hours)
Lesson 1: A Simple Registration Flow (6:53)
Lesson 2: Authentication using Real Users (4:27)
Lesson 3: Activate a New Account via Email (8:16)
Lesson 4: Deal with “I forgot my password” (9:00)
Lesson 5: Doing Security Questions Right (10:52)
Lesson 6: Ensure Password Strength during Registration - part 1 (6:31)
Lesson 6: Ensure Password Strength during Registration - part 2 (4:15)
Module 3: Remember Me (~ 1 hour)
Lesson 1: A Simple Remember Me Flow (6:05)
Lesson 2: Remember Me with Cookie (9:31)
Lesson 3: Remember Me with Persistence (8:08)
Module 4: Spring Security on the Client (~ 1.5 hours)
Lesson 1: Spring Security with JSP (8:23)
Lesson 2: The Authentication Tag and Displaying the Current User (8:00)
Lesson 3: Spring Security with Thymeleaf (6:13)
Lesson 4: The Authorize Tag (10:39)
Module 5: Spring Security Expressions (~ 1.5 hours)
Lesson 1: By URL Authorization with Expressions (15:02)
Lesson 2: On-method Authorization with Expressions
Lesson 3: In-page URL Authorization with Expressions (same as Module 4 - Lesson 4)
Lesson 4: Programmatic Expressions and a custom PermissionEvaluator (text-only)
Module 6: Password Storage (~ 2 hours)
Lesson 1: Introduction to Storing Passwords (7:13)
Lesson 2: Hashing Passwords (MD5 and SHA-256) (8:54)
Lesson 3: Why Hashing Isn't Enough - Using Salts (9:47)
Lesson 4: Key Stretching (6:35)
Lesson 5: The bcrypt Solution (5:39)
Module 7: Spring Security Advanced Configuration (~ 2 hours)
Lesson 1: Breaking Down the Authentication Flow (16:25)
Lesson 2: Run As a Different User (10:17)
Lesson 3: The Security Context (8:44)
Lesson 4: Configure the Filter Chain (7:08)
Module 8: Advanced Authentication (~ 2.5 hours)
Lesson 1: A Custom Authentication Provider (9:00)
Lesson 2: Multiple Providers and the Authentication Manager (7:02)
Lesson 3: In-Memory, JDBC and Hibernate/JPA User Storage (8:43)
Lesson 4: Tracking Logged-in Users (9:04)
Lesson 5: Setting up Users at Startup (Text-Only)
Module 9: Advanced Authorization (~ 2.5 hours)
Lesson 1: How Authorization Works (10:30)
Lesson 2: The Topology of Roles and Privileges - Part 1 (9:13)
Lesson 2: The Topology of Roles and Privileges - Part 2 (6:32)
Lesson 3: Secure Method Invocations with AOP (text-only)
Lesson 4: Defining Custom Access-Control Logic (text-only)
Module 10: Basic REST API Security (~ 1 hour)
Lesson 1: The Basics of API Security (7:01)
Lesson 2: Basic Authentication for the API (6:12)
Lesson 3: Certificates and HTTPS for Tomcat (6:57)
Module 11: ACL with Spring Security (~ 2 hours)
Lesson 1: Introduction to ACL and Domain Object Security (6:32)
Lesson 2: The Data Structure of ACL (9:12)
Lesson 3: ACL with Spring Security - part 1 (10:09)
Lesson 3: ACL with Spring Security - part 2 (9:20)
Module 12: Two-Factor Authentication (~ 1 hour)
Lesson 1: A Simple Two-Factor Implementation with a Soft Token (14:26)
Lesson 2: A Two-Factor Implementation with SMS (8:58)
Reference Project (text-only)
Module 13: Advanced Spring Security Scenarios (~ 2 hours)
Lesson 1: Spring Security for a non-Spring Application (8:40)
Lesson 2: Multi-Tenancy with Spring Security (13:04)
Lesson 3: Session Management with spring-session (7:58)
Lesson 4: Spring Security with LDAP (9:21)
Module 14: Reactive Security (~ 1 hour)
Lesson 1: A Basic Reactive Security Example (8:56)
Lesson 2: Reactive Method Security (5:55)
Lesson 3: WebFlux Form Login (Text Only)
Keep Learning
Get Access to the Certification Class of this course (Learn Spring Security Core)
Get Access to the LSS - full course
Upgrade to Baeldung All Access - Master
Upgrade to Baeldung Pro
Lesson 4: Defining Custom Access-Control Logic (text-only)
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock