This project contains the course materials for the "Spring Security Zero to Master" course, which is designed to provide a comprehensive understanding of the Spring Security architecture, packages, interfaces, and classes that handle authentication and authorization requests in web applications.
The project covers a wide range of topics related to Spring Security, including:
- Spring Security framework details and its features
- Adapting security for a Java web application using Spring Security
- Password management in Spring Security with PasswordEncoders
- Deep dive into encoding, encryption, and hashing
- CSRF and CORS, and how to address them
- Authentication and Authorization, and the differences between them
- Securing endpoint URLs inside web applications using Ant, MVC & Regex Matchers
- Filters in Spring Security and how to write your own custom filters
- Deep dive into JSON Web Tokens (JWT) and their role in Authentication & Authorization
- Deep dive into OAuth2 and various grant type flows
- Deep dive into OpenID Connect and its relation to OAuth2
- Applying authorization rules using roles and authorities inside a web application using Spring Security
- Method level security in web/non-web applications
- Social Login integrations into web applications
- Setting up an Authorization Server using Keycloak