Reactive Spring Security 5 Workshop
This is a hands-on workshop on securing a reactive Spring Boot 2.x based web application using Spring Security 5.x.
Presentation
Topics
Topics that will be covered by this workshop are:
- Reactive Streams Programming with Project Reactor and Spring WebFlux
- OWASP Top 10 Application Security Risks 2017
- Base concepts of Spring Security 5 (i.e. Security Web Filter Chain)
- Authentication
- Authorization
- Secure password encoding and encoding upgrades
- Security Headers
- Coverage of common security challenges like
- Session fixation
- CSRF
- SQL injection
- XSS
- Automated security testing
- OAuth 2.0 and OpenID Connect 1.0
Requirements
To start the workshop you need:
- Java JDK version 11 or 17
- A Java IDE (Eclipse, STS, IntelliJ, VS Code, NetBeans, ...)
- Postman, Httpie, or Curl for REST calls
- MongoDB Compass or Robo 3T to look inside the embedded MongoDB instance
- The workshop tutorial documentation (html or pdf)
- The initial reactive application to be made secure
- The REST API documentation of the initial reactive application
Please follow the setup guide to get your machine ready for this workshop.
Workshop structure
The workshop is split up into the following parts:
- Basic Security
- OAuth 2.0 / OpenID Connect
License
Apache 2.0 licensed
Copyright (c) by 2019-2021 Andreas Falk