Trifork Academy is the official training partner of VMware in the Netherlands & exclusive provider of the Spring Security Masterclass. Learn more from our CTO & Trainer, Joris Kuipers.

In this masterclass you will learn the foundation for securing enterprise & microservices applications using Spring Security. You will gain hands-on experience with major features of Spring Security such as, authentication, authorization, password handling & many more.

Course Overview

Objectives & Prerequisites

By the end of the course, you should be able to meet the following objectives:

Use Spring Security in Spring and Spring Boot applications
Configure the Spring Security filter chain
Protect HTTP endpoints with expression-based access control and the AuthorizationManager API
Protect method execution
Use different authentication mechanisms
Handle passwords in an efficient way
Integrate Spring Security with Junit 5 and MockMVC to test HTTP and method security
Protect against common vulnerabilities and threats
Understand what OAuth2 is
Use and configure the Spring Authorization Server
Implement a resource server and client

Prerequisites

Developer experience building applications with Spring Boot, experience using an IDE (Eclipse, Spring Tools, IntelliJ, or VS .ode), and experience using build tools such as Maven or Gradle.

Day 1: Security Introduction, Spring Security Basics, Customising Authentication...

Security Introduction

Need for security
Basic security concepts
Common security vulnerabilities

Spring Security Basics

Introduction to Spring Security
High-level architecture
Overview of SecurityContext
Spring Security with Spring Boot

Customising Authentication

Building blocks for authentication
Authentication mechanisms based on user name and password
Other authentication mechanisms
Authentication events

Securing Web Applications

Configuring authorization
Using AccessDecisionsManager for authorization
Using AuthorizationManager for authorization
Bypassing security

Method Security

Method security architecture
Declarative method security with annotations

Spring Testing

Spring Security Testing Support
Security mock annotations and meta-annotations
Using MockMvc to test security

Day 2: Handling Passwords, OAuth2 and OIDC Concepts, Spring Authorization Server...

Handling Passwords

Password hashing
Upgrading passwords

(Optional) Protecting Against Common Vulnerabilities

Hardening web applications with security headers
Preventing cross-site request forgery
Encrypting data in transit

OAuth2 and OIDC Concepts

Need for OAuth
Overview of OAuth2 and OIDC
OAuth2 grant types
Types of tokens
Spring Security OAuth2 support and OAuth2 login

Spring Authorization Server

Introduction to Authorization Server
Spring Authorization Server endpoints
Spring Authorization Server configuration

Protecting and accessing resources with OAuth2

Resource server
Using JWT tokens
Using opaque tokens
Configuring an OAuth2 client

Why Attend?

The focus of the 2-Day Spring Security Masterclass is not simply to explain the major features & how to use them, but also zooms in on the fundamental security issues you need to take into consideration when securing enterprise & microservices application. You should expect the following from the course:

Training led by seasoned Software Architects with decades of Spring experience.
Tips, tricks and real-world examples in addition to the official course material.
Gain real skills that you can start using in your Spring project immediately.

Client Testimonials

Very good course that reveals a lot of the magic behind Spring!

Antonio

Software Developer

https://trifork.nl/academy/wp-content/uploads/sites/2/2023/04/Matthaus.jpeg

Great course with an exceptionally knowledgeable tutor.

Matthäus

Senior IT Consultant

I like Joris as a trainer. He is a master of the material with tons of experience to give great examples.

Dennis

Java Expert

Meet Our Expert Trainers

Joris Kuipers

Chief Technology Officer

Joris has been educating developers on Spring for over 15 years. In addition to training he works as CTO of Trifork Amsterdam. His extensive experience with Spring means that he can provide a lot of tips, tricks and real-world examples.

Martin Tilma

Software Architect

Martin has been working with the Spring Framework for over 20 years and has been leading software teams for the past 5 years as Software Architect for Product and Client Projects at Trifork.

Thomas zeeman

Software Architect

Thomas is an expert when it comes to Java, Spring & enterprise application development. Alongside being a trainer he’s also an Architect working on enterprise applications for customers involving Spring.

2-Day Spring Security

Course Overview

Why Attend?

Client Testimonials

Meet Our Expert Trainers

Our Upcoming Masterclasses

Spring Boot Masterclass

Building Microservices with Sam Newman

Software Architecture for Developers