Spring Security

Code: EDU-SS

This 2-day course offers hands-on experience with the major features of Spring Security, which includes configuration, authentication, authorization, password handling, testing, protecting against security threats, and the OAuth2 support to secure applications. On completion, participants will have a foundation for securing enterprise and microservices applications.



By the end of the course, you should be able to meet the following objectives:

  • Use Spring Security in Spring and Spring Boot applications
  • Configure the Spring Security filter chain
  • Protect HTTP endpoints with expression-based access control and the AuthorizationManager API
  • Protect method execution
  • Utilize different authentication mechanisms
  • Handle passwords in an efficient way
  • Integrate Spring Security with Junit 5 and MockMVC to test HTTP and method security
  • Protect against common vulnerabilities and threats
  • Understand what OAuth2 is
  • Use and configure the Spring Authorization Server
  • Implement a resource server and client


Intended Audience

Application developers who want to increase their understanding of Spring Security with hands-on experience and build secure Spring and Spring Boot applications.



Developer experience building applications with Spring Boot, experience using an IDE (Eclipse, Spring Tools, IntelliJ, or VS Code), and experience using build tools such as Maven or Gradle.


Course Outline

1 Security Introduction

  • Why security
  • Basic security concepts
  • Common security vulnerabilities


2 Spring Security Basics

  • Introduction to Spring Security
  • Spring Security architecture overview
  • Understanding security filters and the filter chain
  • Explaining the SecurityContext
  • Configuring Spring Security and Spring Boot auto-configuration


3 Securing Web Applications

  • Configuring HTTP security
  • Access control with AccessDecisionsManager
  • Access control with AuthorizationManager
  • Bypassing security


4  Method Security

  • Explaining method security architecture
  • Implementing declarative method security with annotations


5 Customizing Authentication

  • Using and customizing authentication building blocks (AuthenticationManager, AuthenticationProvider, UserDetailsService)
  • Username and password-based authentication mechanisms
  • Other authentication mechanisms
  • Authentication events


6 Handling Passwords

  • Password hashing
  • PasswordEncoder abstraction
  • Upgrading passwords


7 Security Testing

  • Using MockMvc to test security
  • Using Security mock annotations and meta-annotations
  • Testing method security


8 Protecting Against Common Vulnerabilities

  • Protecting against CSRF attacks
  • Using security headers
  • Configuring transport layer security


9 OAuth2 Concepts

  • What is OAuth2
  • Defining Spring Security OAuth2 support
  • Explaining authorization grant types
  • Using Access and ID tokens (Opaque vs JWT)
  • Understanding Scopes


10 The Spring Authorization Server

  • Describing the role of the Authorization Server
  • Configuring the Authorization Server


11 Protecting and accessing resources with OAuth2

  • Configuring OAuth2 login
  • Configuring the Resource Server
  • Implementing a client using the WebClient

Price (ex. VAT)

€ 1.929,00 per person


2 days


Please send us a message with the form below

Delivery methods

  • Classroom
  • On-site (at your location)
  • Virtual (instructor online)


We will contact you to discuss your requirements