sailor4242/reactive-spring-security-5-workshop

Hands-On workshop for securing a reactive spring boot 2 application in multiple steps

Reactive Spring Security 5 Workshop

This is a hands-on workshop on securing a reactive Spring Boot 2.x based web application using Spring Security 5.x.

Presentation

Presentation Slides (Online)

Topics

Topics that will be covered by this workshop are:

• Reactive Streams Programming with Project Reactor and Spring WebFlux
• OWASP Top 10 Application Security Risks 2017
• Base concepts of Spring Security 5 (i.e. Security Web Filter Chain)
• Authentication
• Authorization
• Secure password encoding and encoding upgrades
• Security Headers
• Coverage of common security challenges like
  • Session fixation
  • CSRF
  • SQL injection
  • XSS
• Automated security testing
• OAuth 2.0 and OpenID Connect 1.0

Requirements

To start the workshop you need:

• Java JDK version 8, 9 or 11
• A Java IDE (Eclipse, STS, IntelliJ, VS Code, NetBeans, ...)
• To test the RESTful services on the command line curl or httpie would be helpful to install
• Robo 3T to look inside the embedded MongoDB instance
• The workshop tutorial documentation (html or pdf)
• The initial reactive application to be made secure
• The REST API documentation of the initial reactive application

Workshop structure

The workshop is split up into the following parts:

• Basic Security
  • Lab 1: Auto Configuration
  • Lab 2: Customize Authentication
  • Lab 3: Add Authorization
  • Lab 4: Security Testing
• OAuth 2.0 / OpenID Connect
  • Lab 5: Resource Server
  • Lab 6: Client

License

Apache 2.0 licensed

Copyright (c) by 2019 Andreas Falk