{"id":24414843,"url":"https://github.com/andifalk/reactive-spring-security-5-workshop","last_synced_at":"2025-04-12T03:41:17.311Z","repository":{"id":36402749,"uuid":"126313267","full_name":"andifalk/reactive-spring-security-5-workshop","owner":"andifalk","description":"Hands-On workshop for securing a reactive spring boot 2 application in multiple steps","archived":false,"fork":false,"pushed_at":"2023-10-17T04:32:50.000Z","size":33693,"stargazers_count":108,"open_issues_count":14,"forks_count":46,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-03-25T23:14:06.980Z","etag":null,"topics":["oauth2","openid-connect","owasp-top-10","reactive-streams","spring","spring-boot","spring-mvc","spring-security","spring-webflux","workshop"],"latest_commit_sha":null,"homepage":"https://andifalk.github.io/reactive-spring-security-5-workshop/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andifalk.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-03-22T09:44:53.000Z","updated_at":"2024-08-31T17:53:56.000Z","dependencies_parsed_at":"2023-01-17T01:32:14.151Z","dependency_job_id":null,"html_url":"https://github.com/andifalk/reactive-spring-security-5-workshop","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andifalk%2Freactive-spring-security-5-workshop","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andifalk%2Freactive-spring-security-5-workshop/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andifalk%2Freactive-spring-security-5-workshop/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andifalk%2Freactive-spring-security-5-workshop/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andifalk","download_url":"https://codeload.github.com/andifalk/reactive-spring-security-5-workshop/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248514216,"owners_count":21116899,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["oauth2","openid-connect","owasp-top-10","reactive-streams","spring","spring-boot","spring-mvc","spring-security","spring-webflux","workshop"],"created_at":"2025-01-20T07:19:36.897Z","updated_at":"2025-04-12T03:41:17.291Z","avatar_url":"https://github.com/andifalk.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![License](https://img.shields.io/badge/License-Apache%20License%202.0-brightgreen.svg)][1]\n![](https://github.com/andifalk/reactive-spring-security-5-workshop/workflows/Java%20Build/badge.svg)\n[![Release](https://img.shields.io/github/release/andifalk/reactive-spring-security-5-workshop.svg?style=flat)](https://github.com/andifalk/reactive-spring-security-5-workshop/releases)\n\n# Reactive Spring Security 5 Workshop\n\nThis is a hands-on workshop on securing a reactive Spring Boot 2.x based web application using Spring Security 5.x.\n\n## Presentation\n\n[Presentation Slides (Online)](https://andifalk.github.io/reactive-spring-security-5-workshop)\n\n## Topics\n\nTopics that will be covered by this workshop are:\n\n* [Reactive Streams Programming](http://www.reactive-streams.org/) with [Project Reactor](https://projectreactor.io) and [Spring WebFlux](https://docs.spring.io/spring/docs/current/spring-framework-reference/web-reactive.html)\n* [OWASP Top 10 Application Security Risks 2017](https://www.owasp.org/index.php/Top_10-2017_Top_10)\n* Base concepts of [Spring Security 5](https://spring.io/projects/spring-security) (i.e. Security Web Filter Chain)\n* Authentication\n* Authorization\n* Secure [password encoding](https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#core-services-password-encoding) and encoding upgrades\n* [Security Headers](https://securityheaders.com)\n* Coverage of common security challenges like\n  * Session fixation\n  * CSRF\n  * SQL injection\n  * XSS\n* Automated security testing\n* [OAuth 2.0](https://tools.ietf.org/html/rfc6749) and [OpenID Connect 1.0](https://openid.net/specs/openid-connect-core-1_0.html)\n\n## Requirements\n\nTo start the workshop you need:\n\n* [Java JDK version 11 or 17](https://openjdk.java.net/install/)\n* A Java IDE ([Eclipse](https://www.eclipse.org/), [STS](https://spring.io/tools), [IntelliJ](https://www.jetbrains.com/idea/), [VS Code](https://code.visualstudio.com/), [NetBeans](https://netbeans.org/), ...)\n* [Postman](https://www.getpostman.com/downloads), [Httpie](https://httpie.org/#installation), or [Curl](https://curl.haxx.se/download.html) for REST calls\n* [MongoDB Compass](https://www.mongodb.com/try/download/compass) or [Robo 3T](https://robomongo.org) to look inside the embedded MongoDB instance\n* The workshop tutorial documentation ([html](https://andifalk.github.io/reactive-spring-security-5-workshop/html5/workshop-tutorial.html) or [pdf](https://github.com/andifalk/reactive-spring-security-5-workshop/raw/master/docs/pdf/workshop-tutorial.pdf))\n* [The initial reactive application to be made secure](https://github.com/andifalk/reactive-spring-security-5-workshop/tree/master/lab-1/initial-library-server)\n* The [REST API documentation](https://andifalk.github.io/reactive-spring-security-5-workshop/api-doc.html) of the initial reactive application\n\nPlease follow the [setup guide](setup) to get your machine ready for this workshop.\n\n## Workshop structure\n\nThe workshop is split up into the following parts:\n\n* Basic Security\n  * [Lab 1: Auto Configuration](https://andifalk.github.io/reactive-spring-security-5-workshop/workshop-tutorial.html#_lab_1_auto_configuration)\n  * [Lab 2: Customize Authentication](https://andifalk.github.io/reactive-spring-security-5-workshop/workshop-tutorial.html#_lab_2_customize_authentication)\n  * [Lab 3: Add Authorization](https://andifalk.github.io/reactive-spring-security-5-workshop/workshop-tutorial.html#_lab_3_add_authorization)\n  * [Lab 4: Security Testing](https://andifalk.github.io/reactive-spring-security-5-workshop/workshop-tutorial.html#_lab_4_security_testing)\n* OAuth 2.0 / OpenID Connect\n  * [Lab 5: Resource Server](https://andifalk.github.io/reactive-spring-security-5-workshop/workshop-tutorial.html#resource-server)\n  * [Lab 6: Client](https://andifalk.github.io/reactive-spring-security-5-workshop/workshop-tutorial.html#oauth2-login-client)\n\n## License\n\nApache 2.0 licensed\n\nCopyright (c) by 2019-2021 Andreas Falk\n\n[1]:http://www.apache.org/licenses/LICENSE-2.0.txt\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandifalk%2Freactive-spring-security-5-workshop","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandifalk%2Freactive-spring-security-5-workshop","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandifalk%2Freactive-spring-security-5-workshop/lists"}