Sergey Kargopolov

This video course is for beginner Java developers who are interested in learning how to secure OAuth 2.0 Resources in Spring Security 5.

The course covers only the new OAuth 2.0 stack in Spring Security 5.

You will learn how to: 


  • Perform each OAuth 2 authorization flow,

    • Authorization Code,

    • PKCE-enhanced authorization code,

    • Client credentials,

    • Password credentials.

  • Start up and configure the Keycloak server,

  • Configure OAuth 2 Resource Server,

  • Start up multiple Resource Servers on random port numbers,

  • Configure Spring Cloud API Gateway,

  • Configure and use Eureka Registry and Discovery Service,

  • Build a simple Spring MVC Web Application that fetches data from a protected Resource Server running behind Spring Cloud API Gateway.

  • Implement a simple JavaScript application that uses PKCE-Enhanced authorization code to acquire JWT access tokens and communicate with protected Resource Server,

  • Learn how to refresh an expired JWT Access token,

  • Learn to implement Scope-based access control,

  • Learn how to implement Role-based access control,

  • OAuth social login with Facebook, Google, and Okta accounts,

  • Implement Keycloak Remote User Authentication (User Storage SPI),

  • New Spring Authorization Server version 0.2.2

This is a step-by-step video course that explains how to use OAuth 2 from the very beginning. If you do not have experience with OAuth and would like to learn how to use it in Spring Boot Web Applications, then this video course is for you.

What's inside

Learning objectives

  • OAuth 2.0
  • OAuth 2 authorization flows
  • The new OAuth 2.0 stack in Spring Security 5
  • Use OAuth 2.0 in Spring Boot applications
  • Configure OAuth 2.0 Resource Server
  • Keycloak identity and access management solution
  • Resource Servers behind API Gateway
  • New Spring Authorization Server
  • OAuth 2.0 in MVC web app
  • OAuth 2 - social login
  • OAuth 2 + PKCE in JavaScript application
  • Register Resource Servers with Eureka service registry

Syllabus

Introduction
Source Code
Presentation files
Introduction to OAuth 2
OAuth 2.0 Roles
Current State of OAuth 2.0 in Spring Security 5
OAuth 2.0 Client Types
OAuth Access Token
OAuth2 and OpenID Connect (OIDC)
OAuth 2 Grant Types and Authorization Flows
Authorization Code. Introduction.
Authorization Code Demo. Initial Request.
Important note
Authorization Code Demo. Exchange code for Access token.
PKCE-enhanced Authorization Code
Generating PKCE Code Verifier
Generating PKCE Code Challenge
PKCE Demo. Requesting Authorization Code
PKCE Demo. Exchanging Code for Access Token
Client Credentials
Client Credentials Grant Type Demo
The Password Credentials Flow
The Password Credentials Flow: Demo
Refreshing Access Token
Requesting Refresh Token that never expires
Refreshing Access Token. Demonstration.
Keycloak. The Standalone Authorization Server.
[Updated] Downloading Standalone Authorization Server Keycloak
[Updated] Starting and Stopping Keycloak server
[Updated] Creating an Admin user
[Updated] Creating a new Realm
[Updated] Creating a new user
[Updated] Creating a new OAuth Client
[Updated] Configuring Client Application Secrets
[Updated] Requesting Access Token and Refresh Token
[Updated] Enable/Disable OAuth 2.0 Authorization Flow
[Updated] OAuth 2.0 Client Scopes
OAuth Resource Server
Creating a new project
Import project into Spring Tool Suite IDE
Starting Resource Server on different port number
Creating a Rest Controller Class
Access Token Validation URIs
Accessing endpoints with an Access Token
Accessing Principal and JWT Claims
Demo - Accessing JWT Claims
Resource Server - Scope Based Access Control
[Updated] Create WebSecurity class and enable WebSecurity
[Updated] Configure basic HttpSecurity in Resource Server
[Updated] Resource Server OAuth Scope-based Access Control
Demo - Access Resource Server without using proper Scope
Demo - Access Resource Server using proper Scope
Creating OAuth 2 Scope in Keycloak
Role Based Access Control with Keycloak
Source code
Creating User Role
Securing Endpoints to a Specific Role
Creating Role Converter class
Decoding JWT to find user roles
Converting Roles into GrantedAuthority objects
Register JwtAuthenticationConverter with HttpSecurity
Trying how it works
Resource Server: Method Level Security
Enable Method Level Security
@Secured annotation example
@PreAuthorized annotation
Reading UserId from JWT Access Token
Trying how the @PreAuthorized annotation works
Creating getUser() to be used with @PostAuthorize
@PostAuthorized annotation
Trying how the @PostAuthorized annotation works
Resource Server Behind API Gateway
Creating API Gateway Project
Import API Gateway to Spring Tool Suite
Configuring API Gateway Routes
Albums & Photos Resource Servers
Routing to multiple Resource Servers
Eureka Discovery Service
Creating Eureka Discovery Service Project
Configuring Eureka project
Configure Resource Server as Eureka Client
Eureka Client Dependency
@EnableDiscoveryClient and configuration properties
Exercise
Solution overview

Good to know

Know what's good, what to watch for, and possible dealbreakers
Explores topics relevant to OAuth 2 authorization flows and Spring Security
Provides a comprehensive overview of OAuth 2 concepts and their implementation in Spring Security 5
Offers hands-on labs and interactive materials to enhance understanding
Suitable for beginner Java developers looking to learn about securing OAuth 2 Resources in Spring Security 5
Incorporates industry-standard practices, including OAuth 2 Authorization Flows and the New OAuth 2.0 stack in Spring Security 5

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in OAuth 2.0 in Spring Boot Applications with these activities:
Review the concepts of OAuth 2.0 and Spring Security
Refreshing your knowledge of OAuth 2.0 and Spring Security will help you better understand the concepts covered in this course.
  • Review your notes from previous courses or textbooks
  • Read articles or blog posts about OAuth 2.0 and Spring Security
  • Watch videos or tutorials on these topics
Join or create a study group for OAuth 2.0 in Spring Security
Joining a study group will provide you with a supportive environment to learn and discuss OAuth 2.0 concepts with other students.
  • Find a study group online or in your local area
  • Attend study group meetings regularly
  • Participate in discussions and share your knowledge
Complete practice problems on OAuth 2.0
Solving practice problems will reinforce your understanding of OAuth 2.0 concepts and improve your ability to apply them in real-world scenarios.
  • Find practice problems online or in textbooks
  • Attempt to solve the problems on your own
  • Review your solutions and identify areas where you need improvement

Career center

Learners who complete OAuth 2.0 in Spring Boot Applications will develop knowledge and skills that may be useful to these careers:
Web Developer
Web Developers design, develop, and maintain websites. They work with a variety of programming languages and technologies to create websites that are both visually appealing and functional. This course could be helpful for Web Developers who need to use OAuth 2.0 to implement user authentication and authorization on their websites. It covers a variety of topics related to OAuth 2.0, including authorization flows, resource servers, and access tokens.
Full-Stack Developer
Full Stack Developers are in charge of all aspects of software development. They work on both the front-end and back-end of applications, ensuring that all components work together seamlessly. This course could be helpful for Full Stack Developers who want to learn how to use OAuth 2.0 in their applications. It covers a variety of topics related to OAuth 2.0, including authorization flows, resource servers, and access tokens.
Software Developer
Software Developers design, develop, and maintain software applications. They work with a variety of programming languages and technologies to create software that meets the needs of users. This course may be useful for Software Developers who want to learn how to use OAuth 2.0 in their applications. It covers a variety of topics related to OAuth 2.0, including authorization flows, resource servers, and access tokens.
Cloud Architect
Cloud Architects design, develop, and manage an organization's cloud computing infrastructure. They work with a variety of cloud computing technologies to create cloud-based solutions that meet the organization's needs. This course may be helpful for Cloud Architects who want to learn how to use OAuth 2.0 to secure their organization's cloud-based resources.
DevOps Engineer
DevOps Engineers work with a variety of technologies and tools to automate the software development process. They help to ensure that software is developed, tested, and deployed quickly and efficiently. This course may be helpful for DevOps Engineers who want to learn how to use OAuth 2.0 to secure their organization's software development process.
Security Engineer
Security Engineers design, develop, and manage an organization's security infrastructure. They work with a variety of security technologies to create security solutions that meet the organization's needs. This course may be helpful for Security Engineers who want to learn how to use OAuth 2.0 to secure their organization's resources.
IT Architect
IT Architects design, develop, and manage an organization's IT infrastructure. They work with a variety of technologies to create IT systems that meet the organization's needs. This course may be helpful for IT Architects who want to learn how to use OAuth 2.0 to secure their organization's IT resources.
Security Analyst
Security Analysts investigate and respond to security incidents. They work with a variety of security technologies to identify and mitigate threats. This course may be useful for Security Analysts who want to learn how to use OAuth 2.0 to investigate and respond to security incidents.
System Administrator
System Administrators manage an organization's computer networks and systems. They work with a variety of technologies to keep systems running smoothly and securely. This course may be helpful for System Administrators who want to learn how to use OAuth 2.0 to secure their organization's resources.
Cloud Security Engineer
Cloud Security Engineers design, develop, and manage an organization's cloud security infrastructure. They work with a variety of cloud security technologies to create security solutions that protect cloud-based resources from vulnerabilities.
Penetration Tester
Penetration Testers identify and exploit vulnerabilities in an organization's computer networks and systems. They work with a variety of security technologies to identify and mitigate threats. This course may be useful for Penetration Testers who want to learn how to use OAuth 2.0 to identify and exploit vulnerabilities in OAuth 2.0 implementations.
Data Analyst
Data Analysts collect, clean, and analyze data to help organizations make better decisions. They use a variety of statistical and machine learning techniques to identify trends and patterns in data. This course may be useful for Data Analysts who need to access protected data resources. It covers a variety of topics related to OAuth 2.0, including authorization flows, resource servers, and access tokens.
Application Security Engineer
Application Security Engineers design, develop, and manage an organization's application security infrastructure. They work with a variety of security technologies to create security solutions that protect applications from vulnerabilities.
Database Administrator
Database Administrators manage an organization's databases. They work with a variety of database technologies to ensure that databases are running smoothly and securely. This course may be helpful for Database Administrators who want to learn how to use OAuth 2.0 to secure their organization's databases.
Information Security Analyst
Information Security Analysts are responsible for protecting an organization's computer networks and systems from unauthorized access, use, disclosure, disruption, modification, or destruction. This course may be useful for Information Security Analysts who want to learn how to use OAuth 2.0 to protect their organization's resources.

Reading list

We've selected five books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in OAuth 2.0 in Spring Boot Applications.
Provides a comprehensive overview of cloud native development with Java. It covers a wide range of topics, including application development, testing, and deployment. A great resource for developers who want to learn more about cloud native development and how to use Java to build cloud native applications.
Provides a broader perspective on web services security, including coverage of OAuth 2.0 and other related protocols.
This cookbook provides a collection of practical recipes for solving common problems when working with Spring Boot. It covers a wide range of topics, including application development, testing, and deployment. A great resource for developers who want to learn more about Spring Boot and how to use it effectively.
Covers the fundamentals of building REST APIs with Spring, including security considerations and OAuth 2.0 integration, providing a broader context for understanding OAuth 2.0 in web applications.
Provides a comprehensive overview of OAuth 2.0. It covers the core concepts of OAuth 2.0, as well as its implementation in various programming languages. It also provides a number of case studies of how OAuth 2.0 is being used in the real world.

Similar courses

Here are nine courses similar to OAuth 2.0 in Spring Boot Applications.
  • Securing React 16 Apps with Auth0
  • Effective OAuth2 with Spring Security 5 and Spring Boot
  • Authentication and Authorization in Spring Boot 3 Using...
  • Securing Spring Data REST APIs
  • Vue 3 Authentication and Authorization
  • Spring Framework 6: Beginner to Guru
  • Building Real-Time REST APIs with Spring Boot - Blog App
  • Spring Framework 5: Using Spring Security OAuth2 Login
  • Implementing Windows Server 2019 Connectivity and Remote...