From beginner to intermediate to advanced level, you will learn the basic concepts of Spring Security, API usage, and internal architecture, and by completing a practical project based on this, you will learn the core technologies related to Spring Security authentication and authorization.
Complete mastery of Spring Security's basic API and related filters
Understanding the internal architecture of Spring Security and the roles and relationships between objects
Understanding Spring Security's authentication principles and internal workings
Understanding Spring Security's authorization principles and internal workings
Understanding how to integrate Spring Security and Spring MVC
Learn how to build a practical security system using Spring Security.
Spring Security provides a powerful API for implementing authentication and authorization control features.
You can implement a secure security system at a very low cost by using only the APIs provided by default.
This course is designed for users who have no idea how to use Spring Security at all, as well as those who have basic knowledge and experience but want to acquire more in-depth knowledge and deeply understand the core principles, internal structure, and operating methods of Spring Security and apply them .
This course focuses on the two core concepts of Spring Security: authentication and authorization.
[certification]
Spring Security supports various authentication methods, including Form, OAuth, JWT, and LDAP. This lecture will look at the Form authentication method.
Many web services implement security based on Form authentication, so it is an authentication method that you must fundamentally understand.
[impression]
Spring Security supports web layer authorization, service layer authorization, and domain layer authorization (ACL) access control features.
This course explores web-layer and service-layer authorization approaches.
In particular, in the fifth section, Practical Project Authorization, you will learn how to link with a database to enable dynamic permission control at a practical level.
If you learn the technology to link authorization control of the business layer as well as the web layer to the DB, it is expected to be very useful in actual operational services.
This course is divided into four major parts as follows:
You can implement authentication and authorization functions using Spring Security's basic API, but as the system grows in size and security requirements increase, it becomes difficult to meet the security functions you want to implement using only the basic API provided.
In order to freely extend the functionality of Spring Security and customize it in various ways to suit your needs , you must deeply understand the internal architecture of Spring Security and the overall operating principles and corresponding flows of how authentication and authorization are processed .
Additionally, this is essential information to understand the exact causes and solutions to various security errors that may unexpectedly occur when building a security system in conjunction with Spring MVC.
The authorization methods provided by Spring Security can be divided into two types.
The first is a declarative method that directly specifies permission information in the configuration file for a client's request, and the second is a dynamic method that manages permission information based on a map by linking with an external storage .
The first method is that as the system grows in size, the types and configurations of permissions become more complex. Managing authorization policies individually through configuration files is very inefficient and costs a lot of money in terms of maintenance.
To address these issues, Spring Security supports managing authorization policies in external storage, such as memory or DB, rather than directly managing authorization policies in configuration files.
This course will look at both the declarative approach, which is specified in the configuration file, and the dynamic approach, which is linked to the database. In particular, we will look at URL-based authorization control in the web layer, as well as Method and Pointcut-based authorization control in the business layer .
This will teach you how to implement a real-time dynamic permission control system without starting the server even when operating the service .
After studying the first and second sections of this course, you will proceed to understand the functions of Spring Security by completing practical projects from the third to the sixth sections.
[user]
It consists of screens such as Dashboard, User, Manager, and Preferences, and authentication and authorization policies are set and tested for each menu.
Authentication preparation and processing is done through the member registration and login page.
[manager]
It provides screens such as user management, permission management, and resource management, and is accessible only to users with administrator rights.
It is configured to enable dynamic management of permissions and resources through real-time CRUD processing of each function.
By setting user permissions through DB linking, you can check the results immediately on the user screen.
In practical projects, you will work in conjunction with technologies such as Spring Boot, Spring MVC, and Spring JPA.
We recommend that you study this course in advance before taking it, and you can learn Spring integration technologies in parallel while taking the course.
The important thing is to understand the core features of Spring Security, so it won't be a big problem to gradually understand the above linking techniques.
Who is this course right for?
For those who want to clearly understand the basic concepts of Spring Security
Those who want to freely extend and customize functions beyond the basic functions of Spring Security.
Anyone who wants to implement a practical authentication and authorization control system using Spring Security
It consists of content that can be used by anyone from beginners to intermediate to advanced users of Spring Security.
Need to know before starting?
Java
Spring Boot
Spring MVC
Spring JPA
9,875
Learners
327
Reviews
1,210
Answers
4.9
Rating
5
Courses
다양한 프로젝트에서 웹/모바일/솔루션 제품 개발과 관련된 업무를 진행해 오고 있으며 분석/설계/개발 Role 을 맡아 오고 있습니다.
공공기간, 교육프로그램, 기업 프로젝트, 쇼핑몰 등의 웹 개발 및 솔루션 프로그램, 프레임워크, 오픈소스 연동 등의 아키텍처 설계 및 구조적 고도화 개선 등을 해 오고 있으며 개발, PL 등의 역할을 맡았습니다.
다양한 Open Source 와 여러 기술적인 경험들을 통해 웹의 전반적인 기술 흐름들을 익혔으며 개발 경험이 거듭될 수록 요구사항의 기능 구현에만 거치지 않고 좀 더 OOP 적인 구조의 소프트웨어로서 안전성과 성능을 고려한 아키텍처링과 튜닝의 기술들을 접목시켜 지속적으로 더 훌륭한 소프트웨어를 완성하기 위한 연구와 개발 실무를 책임감 있게 맡아 오고 있습니다.
All
64 lectures ∙ (20hr 58min)
Course Materials:
All
229 reviews
4.7
229 reviews
Reviews 4
∙
Average Rating 5.0
5
I am a 4th year computer science student. In the case of Spring Security, if you search on Google, you will find a lot of information, and it is also a good idea to refer to the official reference on spring.io. However, in the case of security, the process of reorganizing scattered information is very difficult. Even if you search on Google without knowing anything, it only tells you how to set up SecurityConfig, and it does not explain in detail why it is used, so if you apply it to a personal project, you will encounter numerous errors. In my subjective opinion, if you do not know anything about security, I am sure that purchasing this lecture is much cheaper than the cost of searching and finding it yourself. If you are taking the lecture, it seems better to skip Chapters 1 and 2 at first and go straight to the practical training. If you are doing the practical training and you get stuck for some reason, you can understand it better and internalize it faster by looking at the detailed API explanation in Chapters 1 and 2. For example, when I only heard about Authentication Flow in theory, it was quite difficult, but when I applied it to my project in Chapter 3 of the practical training and listened to it again, the flow chart caught my eye right away. The PPT is also well organized by each step, so it is a material that I can carry with me for the rest of my life. I unconditionally recommend it to those who, like me, have simply sent password values directly to the DB without encryption in past projects, or made it so that all members who sign up can delete posts written by others, or simply made projects as a patchwork.
Thank you so much for your valuable and thoughtful review. When I first encountered Spring Security, I remember that there were not many reference materials available at the time, so it was really difficult to build a secure environment using Spring Security. Now, there are many more materials than before, but it is also true that it is not easy to find practical sources or content and develop them into meaningful functions. As you said, it is good to take the lectures in order, but I think it is also a good idea to take the lectures according to your level and understanding. With Faust's passion and determination, I am confident that you will be able to acquire much more knowledge than this lecture. This lecture took a lot of time to produce, so I know it will be difficult, but I hope you will complete it and achieve the purpose of this lecture. Once again, I sincerely thank you for leaving a valuable review.
Reviews 81
∙
Average Rating 5.0
5
I've been so absorbed in the lecture that I haven't been able to get out for weeks. The materials you provide are amazing, and I can feel the depth of knowledge you share just by looking at the answers you give on the Q&A board. I think I should listen to it again quickly after finishing the lecture. I'm glad I found this gem of a lecture. I'm looking forward to the next lecture. Thank you for making such a great lecture. ^___^
Even though it is a lecture that is lacking, I feel even more burdened because you praised me so much. Thank you for your valuable evaluation. It seems that you have a great passion for learning and studying since you listened to a lot of lectures in a short period of time. I have no doubt that you will be given a greater reward. Fighting until the end.^^
Reviews 1
∙
Average Rating 5.0
5
I have only seen the API and architecture part, but it is a very good lecture. While studying JSP and Spring, I wanted to cover security and authorization in more detail. I searched the Internet, but I am still a beginner. Haha. The best part is that the lecture is very friendly. I can feel the sincerity in the materials provided, and the concepts are repeatedly explained so that even a beginner like me can understand. At first, there were so many concepts that it was too difficult, and I did not understand the debugging. But if you take notes diligently and follow along, you will now be able to see the overall flow. Thank you for making a good lecture.
I really appreciate that you found the lecture helpful even though it was lacking^^ If you have any questions while listening to the lecture, please feel free to ask and I will do my best to provide a solution. The lecture is a bit long, so it may not be easy to finish it, but I think that if you listen to the end, you will be rewarded for your efforts. Thank you again for your good evaluation.
Reviews 1
∙
Average Rating 5.0
5
I dare say that this is a truly rare Spring Security course, both domestically and internationally. I am listening to all three lectures by instructor Jeong Su-won, and I am amazed by the unique teaching pattern of instructor Jeong Su-won, such as the lecture content, preparation of materials, digging into the internal structure through debugging, and analyzing the entire architecture. Wow, digging into security like this... I think developers who have developed security will also be amazed by this lecture. As you know, Spring Security has a large learning curve, so it is not easy for intermediate developers to deeply understand the internal structure and flow, but this lecture provides sufficient technical foundation knowledge for beginners to intermediate developers and above. It explains in detail and easily so that difficult security does not feel like being possessed by magic, by combining appropriate theories and appropriate practices. In particular, the part where the structure and flow of Spring Security are explained in detail through well-prepared PPT diagrams and diagrams, and this is proven through debugging with code, is the highlight of this lecture and seems to be the instructor's know-how. I am also learning one by one by keeping an eye on this method of progress. Before taking this lecture, I only knew how to follow security, but after taking this lecture, I was able to acquire the ability to freely expand and customize functions according to the situation as well as the basic functions of security such as API, filter structure, authentication/authorization internal flow, and dynamic authorization control method. I would like to evaluate this lecture as an incredible level. I think it provides quality and information that can be counted among the lectures on Inferun. In fact, since security lectures are not a technology that anyone can teach if they want to, I think this lecture is even more valuable. After listening to it all, I realized how difficult and hard it would have been if I had tried to acquire this much knowledge on my own. When I search for security on Google, I see that the instructor's lecture contents are searched a lot, so I am really grateful that you have lowered the barrier to entry by spreading the high barrier to entry security knowledge to many developers. There was a problem where the explanation content and the provided GitHub source were not partially synchronized during the lecture, but fortunately, the instructor organized the branch names of the sources that were mapped to the lecture in Excel, so it was much easier to follow. There were some differences between the lecture content and the actual practice, but there was no difficulty in understanding the overall content. Still, I hope that you will look into these small parts more carefully in the next lecture. Now, I am looking forward to and anticipating Instructor Jeong Su-won's next lecture. Through knowledge sharing by developers like you, our junior developers will experience minimal trial and error. I will sincerely support the instructor's knowledge sharing activities in the future. Thank you.
Thank you for your great evaluation. This lecture was created after much thought and research from the perspective of the students, but there are many shortcomings. I will always prepare with a humble mind, communicate, and strive to make this a lecture where we can grow together. I also support Naelina's growth. Thank you.
Reviews 14
∙
Average Rating 4.7
4
The PPT is also very long and the lecture volume is also very high. The API is explained one by one by method, It is a lecture that helps a lot in understanding what Spring Security is, how it works, and why it is done this way, not just learning how to use it. You can also go to Git and get the source code. The disappointing thing is that even if you want to follow the code writing for each lecture step, Git only has the finished version, and the lecture does not show you all the functions implemented in the lecture in detail, and Git also has quite a few refactored and updated codes that are different from the lecture content, so it is confusing or you have to adjust it yourself, which is more tiring than you think. Except for those parts, I am satisfied and plan to take the lecture again for the second time to improve my skills.
Yes, thank you. The lecture time and materials were almost doubled compared to what was initially planned. A larger quantity is not necessarily a good thing, but as I tried to include the contents I wanted to convey through this lecture, the lecture time and contents continued to be added. I wanted to go beyond simply learning how to use the API and suggest ways to understand the principles and develop application skills. I tried to have the students learn while watching the lecture and following the actual coding, but I regret that I could not provide the source code for each unit separately. I will definitely refer to it and reflect it when I produce the next lecture. Thank you for your hard work in completing the difficult course for a long time, and I hope that this lecture will be of some help to Mr. Lee Han-sol in the field and practice. Thank you so much for leaving a helpful comment.
Check out other courses by the instructor!
Explore other courses in the same field!
![Spring Security Complete Mastery [6.x Revised Edition]Course Thumbnail](https://cdn.inflearn.com/public/courses/333154/cover/7d446f00-12af-4924-a9cd-7e8c886bde59/333154.png?f=avif&w=420)
![Java Concurrency Programming [Reactive Programming Part.1]Course Thumbnail](https://cdn.inflearn.com/public/courses/332448/cover/b34e2ff1-f670-44cf-8bb3-b3cb3d20905d/332448-eng.png?f=avif&w=420)
