Learn Spring Security Core

The definitive video guide to secure your Java application

Why Learn About Security?

Robust security for web applications is and has always been a must. But the security landscape has been changing rapidly over the last few years, with REST APIs becoming mainstream,  the huge adoption and evolution of OAuth2, single-page apps (SPAs), two-factor authentication (2FA) and so many other security requirements.

And the security market is huge – Gartner puts the numbers at 124 billion in 2020 and this is predicted to grow in the next years. Security work to be done well is abundant and very well paid.

But, you do need a solid, deep understanding of the security landscape.

Why Spring Security?

Spring Security has been getting better as well, with the launch of 5.0, and now 5.4, full Java configuration with lambdas, fantastic Boot integration, an entirely new OAuth2 stack, and support for pretty much any security mechanism you need.

Right now, in 2024, there’s no debate. Spring Security is THE framework to properly and intelligently do security if you’re working in Java.

The framework is fully able to handle everything you throw at it – from simple scenarios to highly complex security requirements. There are some OK alternatives, but nothing really comes close.

A Video Course is the best way you’ll learn coding
and tactical know-how.

Learn Spring Security... Fast

I’ve created this course to help you get to a full security education quickly. That’s the whole point in going through a course – it’s the fast way to learn the material and give you the Spring Security tools you need to secure your system.

Each module contains exhaustive video lessons along with code, lesson notes and resources to help you put the framework to use immediately in your app.

Each of the 2 classes features a different level of education:

The Master Class

This is the full material – the comprehensive, start-to-finish path from starting out with security to a real-world, solid understanding of how to use Spring Security in practice.

The deep-dives focus on implementations such as Two-Factor authentication, a full ACL system, Single Sign On, a complete registration mechanism, how to deal with various attack vectors – and many others.

The Certification Class

This class is simple – it contains the full material from the Master Class, plus downloads and multiple-choice questions – to help you get the most out of the material. When you’re done, you’re going to get a “Certificate of Completion” for the course. This is generally where professional developers find the greatest value.

I’ve created the Master Class to be THE reference Spring Security education if you’re working with Java today

Why Learn From Me?

I’m Eugen, and I’ll be your instructor through this course.

I’ve been teaching Spring Security quite extensively in my own consulting work for over a decade now. I’ve helped teams implement (most commonly re-implement) security in their systems over a ridiculous number of Spring versions. And I’ve been teaching security throughout most of that time.

The lessons here came out of that experience, with the core goal of showing you the ins and outs of the security framework, and give you a clear map of how to use it in practice (especially in the more advanced modules).

To be clear – you can’t get there by just watching videos – you’ll need to code, along with me, through the material. The videos and exercises are your reference to come back to – whenever you need them.

The course is amazing. I’m not really a junior regarding the Spring framework.

I decided to go through all your materials, even the ones focused on beginners, though I’m not a beginner myself.

I try to apply what I’ve learned in live projects that I’m working on and improve my coding skills by using your course. The only problem that I have is time, but step by step I’m going through all your materials. Sometimes I only go through the lesson I need at that moment.

I recommend your course to anyone who might need it – my colleagues, friends, and fellow students. You did a great job with this course. Thank you for that!

– Alexandru-Bogdan Galusca, Software Engineer at Miracle A/S

 

This course, as I’m sure you’re aware – is primarily focused on the core of Spring Security If your core focus is OAuth, then definitely have a look at the “Learn Spring Security OAuth” course.

The Master Class

The canonical reference for securing a Spring application.

The 14 modules, with over 8 hours of video material, cover everything from the basics of Spring Security in both an MVC application and a REST API, to advanced deep-dives into fully working security implementations.

We’ll do a complete ACL implementation for applications that simply need to go beyond roles and privileges, we’ll tackle 2FA for extra security and we’ll focus on Multi-Tenancy, LDAP, Single Sign On and a wide variety of other scenarios.

This is everything I wish I had access to when I secured my first application with Spring Security.

1. Secure a Simple Spring MVC Application

7 LESSONS (6 Video + 1 Text) ~ 3 HOURS

  1. Intro to Spring Security 
  2. A Basic Security Java Config 
  3. URL Authorization (Preview lesson)
  4. Building a Login Form 
  5. Implementing Logout 
  6. Anonymous “Authentication”
  7. Overview of Spring Security Objects (text)

2. A Full Registration Flow

6 LESSONS (Video) ~ 2.5 HOURS

  1. A Simple Registration Flow 
  2. Authentication using Real Users 
  3. Activate a New Account via Email 
  4. Deal with “I forgot my password” 
  5. Doing Security Questions Right 
  6. Ensure Password Strength during Registration (2 parts)

3. Remember Me

3 LESSONS (Video) ~ 1 HOUR

  1. A Simple Remember Me Flow (Preview lesson) 
  2. Remember Me with Cookie 
  3. Remember Me with Persistence (Preview lesson)

4. Spring Security on the Client

4 LESSONS (Video) ~ 1.5 HOURS

  1. Spring Security with JSP
  2. The Authentication Tag and Displaying the Current User 
  3. Spring Security with Thymeleaf 
  4. The Authorize Tag

5. Spring Security Expressions

4 LESSONS (Video) ~ 1.5 HOURS

  1. By URL Authorization with Expressions 
  2. On-method Authorization with Expressions 
  3. In-page URL Authorization with Expressions 
  4. Programmatic Expressions and a custom PermissionEvaluator

6. Password Storage

5 LESSONS (Video) ~ 2 HOURS

  1. Introduction to Storing Passwords 
  2. Hashing Passwords (MD5 and SHA-256) 
  3. Why Hashing Isn’t Enough – Using Salts 
  4. Key Stretching 
  5. The bcrypt Solution

7. Spring Security Advanced Configuration

4 LESSONS (Video) ~ 2 HOURS

  1. Breaking Down the Authentication Flow 
  2. Run As a Different User 
  3. The Security Context 
  4. Configure the Filter Chain

8. Advanced Authentication

5 LESSONS (4 Video + 1 Text) ~ 2.5 HOURS

  1. A Custom Authentication Provider 
  2. Multiple Providers and the Authentication Manager 
  3. In-Memory, JDBC and Hibernate/JPA User Storage 
  4. Tracking Logged-in Users
  5.  Setting up Users at Startup (text)

9. Advanced Authorization

4 LESSONS (Video) ~ 2.5 HOURS

  1. How Authorization Works 
  2. The Topology of Roles and Privileges (2 parts) 
  3. Secure Method Invocations with AOP 
  4. A Custom AccessDecisionVoter (Preview lesson)

10. Basic REST API Security

3 LESSONS (Video) ~ 1 HOUR

  1. The Basics of API Security 
  2. Basic Authentication for the API 
  3. Certificates and HTTPS for Tomcat

11. ACL with Spring Security

3 LESSONS (Video) ~ 2 HOURS

  1. Introduction to ACL and Domain Object Security 
  2. The Data Structure of ACL
  3. ACL with Spring Security (2 parts)

12. Two-Factor Authentication

2 LESSONS (Video) ~ 1 HOUR

  1. A Simple Two-Factor Implementation with a Soft Token (Preview lesson) 
  2. A Two-Factor Implementation with SMS

13. Advanced Spring Security Scenarios

4 LESSONS (Video) ~ 2 HOURS

  1. Spring Security for a non-Spring Application 
  2. Multi-Tenancy with Spring Security 
  3. Session Management with spring-session 
  4. Spring Security with LDAP 

14. Reactive Security

3 LESSONS (2 Video + 1 Text) ~ 1 HOUR

  1. A Basic Reactive Security Example 
  2. Reactive Method Security
  3. WebFlux Form Login (text)

The Certification Class

This Class contains the same material as the Master Class, but goes beyond the core material with:

Of course, if you have any questions about the material, ping me directly here, on chat, or over email.

Master Class


The canonical reference to secure a web application.
  • All 14 Modules
  • 61 Video Lessons
  • -
  • -
  • -

Certification Class


This Class includes the Master Class material, exercises, downloads and the Certificate of Completion
  • All 14 Modules
  • 61 Video Lessons
  • + Exercises in Each Lesson
  • + Full Downloads for All Videos
  • + Certificate of Completion

The Full Learn Spring Security - Certification Class


The canonical reference to secure a web application
  • All 20 Modules
  • 81 Video Lessons
  • + Exercises in Each Lesson
  • + Full Downloads for All Videos
  • + Certificate of Completion
If you’re looking to get both this course as well as Learn Spring Security OAuth,,

Have a look at the full Learn Spring Security Course →

Do you have a team who would benefit from taking the course?

rws-course-page-img-guarantee.png

20-Day Money Back Guarantee

I believe strongly in the quality of the course material to teach you the fundamentals of coding in Spring. I’ve put a lot of work and care into these lessons and hope you’re going to use it fully and up your Spring game.

I confidently back all classes with a 20-Day Money Back Guarantee. I want you to dive in deep and experience the full wealth of this resource without hesitation.

If the material isn’t a good fit, just contact me within 20 days of purchase, and ask for a full refund for any single course package.

Eugen is a very knowledgeable teacher and communicates his material in a clear and concise manner. I am self-taught in Spring and a semi-ok to good Java developer but found the barrier to entry to learn Spring too high.

I’ve saved myself hundreds of hours of research and learning effort by taking his courses. The material is easy to follow and broken up into appropriate lengths allowing for timely progress. The course also can be used as reference material on the subject matter allowing you to quickly jump in and explore a given topic. The courses are worth every cent!

– Thomas Sødring, Associate Professor at Oslo and Akershus University College of Applied Sciences

 

The lessons are practical and easy to follow and the structure of the course allows you to watch the videos in one go, or pick individual topics any time you want. Some previous experience with Spring is needed but I think that’s to be expected from an advanced course..
Alexander Fridlund
Consultant and owner Visegue Solutions AB
I got a lot out of the course, especially the registration with email validation, two factor authentication and how to use the framework interfaces. I was actually able to apply the knowledge in a project for my client, so I’d definitely recommend the course to anyone wanting to learn about Spring Security.
Li Zhang
Senior Software Engineer at Grant Thornton LLP
I have several years of experience with Java and REST, and I am now working on a project that makes heavy use of Spring and OAuth2. Because initially I was not involved in it, a lot of Spring aspects have been hard work for me. This course has given me a better knowledge of Spring and showed really good examples of how to test.
John Reah
Head of Software Engineering at HTK
The great combination of theory and practice turned this video course into a real workshop. With all the practical knowledge and live examples, I’ve not only learned a lot but also systematized my Spring knowledge.
Maciej Scislowski
Senior Java Consultant
I went through the course step by step and I’ve been using it in many ways ever since. I like the combination of theory and real-life implementation - that helped me solve many practical problems in my daily work.
Bernd Fischer
CTO at MindApproach GmbH
The course is very practical and shows how things can be done in production-grade code. The fact that the lessons are video-based with transcripts and code projects for each step makes the course very accessible. It requires literally only a few minutes between buying the course and following the first lessons.
Bavo De Ridder
IT Solution Architect at VDAB
Thanks for putting this together. I greatly appreciate the great lesson's pace - they're not dry or boring. The content is well worth it - industry-standard stuff, and used throughout enterprises and start-ups alike. It'd be hard to gather this much information and detail even after years of experience
Rob Anhart
Senior Professional Services Engineer at Netskope
I knew what authentication and authorization were and the basic methodologies for implementing them in an application. What I seriously lacked was the knowledge of what was going on behind the scenes. The videos really helped me understand what is happening under the hood and truly customize Spring Security to fit my needs.
Timothy Schmiandle
Engineering Team Lead at Finicity
The implementation of best security practice for production grade apps is a real minefield. This course has been an invaluable resource in helping us with our web application security. There are dozens of toy Spring Security examples on the web, but we really needed one which showed us what a production grade implementation looks like.
Leon Roy
CEO at Brring