This is a hands-on workshop on securing a reactive web application based on Spring Boot 2.x using Spring Security 5.x.
This workshop covers the following topics:
- Reactive Streams Programming with Project Reactor and Spring WebFlux
- OWASP Top 10 Application Security Risks 2017
- Basic concepts of Spring Security 5 (e.g. the Security Web Filter Chain)
- Authentication
- Authorization
- Secure password encoding and encoding upgrades
- Security Headers
- Coverage of common security challenges like
  - Session fixation
  - CSRF
  - SQL injection
  - XSS
- Automated security testing
- OAuth 2.0 and OpenID Connect 1.0
To start the workshop you need:
- Java JDK version 8, 9 or 11
- A Java IDE (Eclipse, STS, IntelliJ, VS Code, NetBeans, ...)
- curl or httpie, which are helpful for testing the RESTful services on the command line
- Robo 3T to look inside the embedded MongoDB instance
- The workshop tutorial documentation (html or pdf)
- The initial reactive application to be made secure
- The REST API documentation of the initial reactive application
The workshop is split up into the following parts:
- Basic Security
- OAuth 2.0 / OpenID Connect
Apache 2.0 licensed
Copyright (c) 2019 by Andreas Falk