1
00:00:00,180 --> 00:00:06,300
Hello and welcome to the Spring Security Zero to Master, this is the full in detail course on

2
00:00:06,300 --> 00:00:12,900
Spring Security, which is one of the most popular frameworks focusing on truly security when we are

3
00:00:12,900 --> 00:00:21,450
developing web or standalone applications using either Spring MVC, REST services or microservices patterns in

4
00:00:21,450 --> 00:00:22,500
Java.

5
00:00:22,500 --> 00:00:30,060
Spring Security is a powerful and highly customizable authentication and authorization framework for developing

6
00:00:30,060 --> 00:00:33,350
Java applications that is available in today's world.

7
00:00:33,630 --> 00:00:41,070
Like any other Spring projects, the real power of Spring Security not only lies in its features, but

8
00:00:41,070 --> 00:00:48,750
also on how easily we can adopt and extend its features to meet our custom security requirements inside

9
00:00:48,750 --> 00:00:49,980
our web application.

10
00:00:50,190 --> 00:00:57,300
This is the course, which is developed for students, developers, architects who are interested in learning

11
00:00:57,510 --> 00:01:06,180
how to handle and solve the most common security related requirements and challenges inside the enterprise

12
00:01:06,180 --> 00:01:07,340
web applications.

13
00:01:08,720 --> 00:01:15,380
This course will also answer your most common security related questions, like how to secure my web

14
00:01:15,430 --> 00:01:21,890
application or mobile application or REST services, how to store my user passwords, how to encrypt

15
00:01:21,890 --> 00:01:28,220
them, decode them, how to manage them using Spring Security features like password encoders and at

16
00:01:28,220 --> 00:01:31,280
the same time how to maintain different users, roles,

17
00:01:31,280 --> 00:01:37,940
authorities inside my application, along with the industry best standard features like making your

18
00:01:37,940 --> 00:01:44,960
user to login only once instead of asking him to log in again and again for each request that he's going

19
00:01:44,960 --> 00:01:46,640
to make to the back end system.

20
00:01:46,820 --> 00:01:52,820
It also covers how to achieve fine-grained security, using roles, authorities and method level securities

21
00:01:52,820 --> 00:01:59,260
that is available inside Spring Security framework, along with the industry standard topics like CSRF

22
00:01:59,270 --> 00:02:00,980
attacks, CORS restrictions.

23
00:02:01,160 --> 00:02:06,380
What are tokens, how they can be leveraged inside authentication and authorization systems.

24
00:02:06,770 --> 00:02:08,419
What are JWT tokens?

25
00:02:08,419 --> 00:02:13,810
What is OAuth2 and how to prevent most common security related attacks inside your web applications.

26
00:02:14,660 --> 00:02:19,220
This is the course agenda that we'll be covering in detail in the entire course.

27
00:02:19,430 --> 00:02:24,590
Initially we'll start with Spring Security core features like what are important packages, interfaces,

28
00:02:24,590 --> 00:02:31,610
classes and annotations available in Spring Security framework, along with the project set using Spring

29
00:02:31,610 --> 00:02:38,630
Security framework.
Post that we will also speak about what is authentication, what is authorization, how

30
00:02:38,630 --> 00:02:43,850
to configure it inside your application and how to apply restrictions to your end path

31
00:02:43,850 --> 00:02:50,300
URLs or APIs and how to configure roles and authorities along with what are the different

32
00:02:50,300 --> 00:02:55,400
strategies that Spring Security provides when coming to passwords like storing them, encrypting them,

33
00:02:55,400 --> 00:02:56,270
decoding them.

34
00:02:56,570 --> 00:03:02,120
We will be also looking at the global method security, which is a feature provided by Spring Security

35
00:03:02,120 --> 00:03:07,370
on how to apply security and authorization rules on top of your Java methods.

36
00:03:07,520 --> 00:03:12,980
And last, we'll be covering the most common security hot topics like what is OAuth2?

37
00:03:13,190 --> 00:03:14,060
What is CSRF?

38
00:03:14,060 --> 00:03:16,100
CORS? What are JWT tokens?

39
00:03:16,310 --> 00:03:20,700
So all those industry standard vulnerabilities will be discussed.

40
00:03:20,700 --> 00:03:27,890
And throughout this entire course and again, I want to highlight that this course is not only about

41
00:03:27,890 --> 00:03:28,340
theory.

42
00:03:28,610 --> 00:03:36,230
While we are discussing section by section each theory topic of Spring Security, parallelly we will be building

43
00:03:36,230 --> 00:03:39,410
an application throughout all these milestones.

44
00:03:39,410 --> 00:03:45,920
Right, from creating a basic Spring Security project and enhancing to have a login page for it and

45
00:03:45,920 --> 00:03:52,400
implement authentication authorization rules inside it and configuring passwords, method level security

46
00:03:52,400 --> 00:03:53,000
inside it.

47
00:03:53,210 --> 00:03:59,660
And at last we will also build an application using OAuth2 framework by pointing to the GitHub Authorization

48
00:03:59,660 --> 00:04:06,890
server where our project will point to the GitHub Authorization server to allow user to use his GitHub

49
00:04:06,890 --> 00:04:09,290
credentials to login into our application.

50
00:04:10,360 --> 00:04:15,940
This is the sample, eazy bank application that we are going to build throughout this course where it

51
00:04:15,940 --> 00:04:23,230
will have a login page and other free form pages like contact us, notices where users can access them

52
00:04:23,230 --> 00:04:25,600
without authentication and authorization.

53
00:04:25,720 --> 00:04:30,490
And at the same time, if they want to use the secure features or protected resources that are

54
00:04:30,490 --> 00:04:37,420
available inside our web application, then definitely they have to go through login page where post they

55
00:04:37,420 --> 00:04:43,570
can see their transaction details, loans, cards that they have inside our application.

56
00:04:43,570 --> 00:04:49,000
But all of these features will have authentication and authorization applied inside them.

57
00:04:49,150 --> 00:04:55,060
And at last will also be a simple application where as soon as you try to access a protected resource

58
00:04:55,060 --> 00:05:01,720
inside it, we will be redirected to GitHub to use our credentials inside our application that we are

59
00:05:01,720 --> 00:05:02,440
going to build.

60
00:05:02,650 --> 00:05:07,920
So this way we'll be also exploring OAuth2 framework inside this course.

61
00:05:07,930 --> 00:05:11,200
With this I'm very excited onboarding you on to this course.

62
00:05:11,650 --> 00:05:13,870
Thank you so much for choosing this course.

63
00:05:14,140 --> 00:05:18,280
And I hope you will learn what you are expecting from this course.

64
00:05:18,580 --> 00:05:19,110
Thank you.

65
00:05:19,120 --> 00:05:21,010
And see you in the next section. Bye.