Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/andifalk/reactive-spring-security-5-workshop
Hands-On workshop for securing a reactive spring boot 2 application in multiple steps
oauth2 openid-connect owasp-top-10 reactive-streams spring spring-boot spring-mvc spring-security spring-webflux workshop
Last synced: 12 days ago
- Host: GitHub
- URL: https://github.com/andifalk/reactive-spring-security-5-workshop
- Owner: andifalk
- License: apache-2.0
- Created: 2018-03-22T09:44:53.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2023-10-17T04:32:50.000Z (over 1 year ago)
- Last Synced: 2024-04-16T07:49:19.483Z (10 months ago)
- Topics: oauth2, openid-connect, owasp-top-10, reactive-streams, spring, spring-boot, spring-mvc, spring-security, spring-webflux, workshop
- Language: Java
- Homepage: https://andifalk.github.io/reactive-spring-security-5-workshop/
- Size: 32.1 MB
- Stars: 108
- Watchers: 10
- Forks: 46
- Open Issues: 14
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
[![License](https://img.shields.io/badge/License-Apache%20License%202.0-brightgreen.svg)][1]
![](https://github.com/andifalk/reactive-spring-security-5-workshop/workflows/Java%20Build/badge.svg)
[![Release](https://img.shields.io/github/release/andifalk/reactive-spring-security-5-workshop.svg?style=flat)](https://github.com/andifalk/reactive-spring-security-5-workshop/releases)
# Reactive Spring Security 5 Workshop
This is a hands-on workshop on securing a reactive Spring Boot 2.x based web application using Spring Security 5.x.
## Presentation
[Presentation Slides (Online)](https://andifalk.github.io/reactive-spring-security-5-workshop)
## Topics
Topics that will be covered by this workshop are:
* [Reactive Streams Programming](http://www.reactive-streams.org/) with [Project Reactor](https://projectreactor.io) and [Spring WebFlux](https://docs.spring.io/spring/docs/current/spring-framework-reference/web-reactive.html)
* [OWASP Top 10 Application Security Risks 2017](https://www.owasp.org/index.php/Top_10-2017_Top_10)
* Base concepts of [Spring Security 5](https://spring.io/projects/spring-security) (i.e. Security Web Filter Chain)
* Authentication
* Authorization
* Secure [password encoding](https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#core-services-password-encoding) and encoding upgrades
* [Security Headers](https://securityheaders.com)
* Coverage of common security challenges like
  * Session fixation
  * CSRF
  * SQL injection
  * XSS
* Automated security testing
* [OAuth 2.0](https://tools.ietf.org/html/rfc6749) and [OpenID Connect 1.0](https://openid.net/specs/openid-connect-core-1_0.html)
## Requirements
To start the workshop you need:
* [Java JDK version 11 or 17](https://openjdk.java.net/install/)
* A Java IDE ([Eclipse](https://www.eclipse.org/), [STS](https://spring.io/tools), [IntelliJ](https://www.jetbrains.com/idea/), [VS Code](https://code.visualstudio.com/), [NetBeans](https://netbeans.org/), ...)
* [Postman](https://www.getpostman.com/downloads), [Httpie](https://httpie.org/#installation), or [Curl](https://curl.haxx.se/download.html) for REST calls
* [MongoDB Compass](https://www.mongodb.com/try/download/compass) or [Robo 3T](https://robomongo.org) to look inside the embedded MongoDB instance
* The workshop tutorial documentation ([html](https://andifalk.github.io/reactive-spring-security-5-workshop/html5/workshop-tutorial.html) or [pdf](https://github.com/andifalk/reactive-spring-security-5-workshop/raw/master/docs/pdf/workshop-tutorial.pdf))
* [The initial reactive application to be made secure](https://github.com/andifalk/reactive-spring-security-5-workshop/tree/master/lab-1/initial-library-server)
* The [REST API documentation](https://andifalk.github.io/reactive-spring-security-5-workshop/api-doc.html) of the initial reactive application

Please follow the [setup guide](setup) to get your machine ready for this workshop.
## Workshop structure
The workshop is split up into the following parts:
* Basic Security
  * [Lab 1: Auto Configuration](https://andifalk.github.io/reactive-spring-security-5-workshop/workshop-tutorial.html#_lab_1_auto_configuration)
  * [Lab 2: Customize Authentication](https://andifalk.github.io/reactive-spring-security-5-workshop/workshop-tutorial.html#_lab_2_customize_authentication)
  * [Lab 3: Add Authorization](https://andifalk.github.io/reactive-spring-security-5-workshop/workshop-tutorial.html#_lab_3_add_authorization)
  * [Lab 4: Security Testing](https://andifalk.github.io/reactive-spring-security-5-workshop/workshop-tutorial.html#_lab_4_security_testing)
* OAuth 2.0 / OpenID Connect
  * [Lab 5: Resource Server](https://andifalk.github.io/reactive-spring-security-5-workshop/workshop-tutorial.html#resource-server)
  * [Lab 6: Client](https://andifalk.github.io/reactive-spring-security-5-workshop/workshop-tutorial.html#oauth2-login-client)
## License
Apache 2.0 licensed
Copyright (c) 2019-2021 by Andreas Falk
[1]:http://www.apache.org/licenses/LICENSE-2.0.txt