Spring Boot: Security
Authentication, Authorization and other Security issues
There are many aspects of Security. Here are two:
- Authentication: Making sure the user is who they say they are.
- Authorization: Making sure the user can only do what they are allowed to do.
There are other aspects too, such as preventing cross-site scripting and denial-of-service attacks, to name a couple.
As we explore those in the context of Spring Boot, we’ll add resources to this page.
Authentication
- In this course, we generally handle this with OAuth
- That way we don’t have to deal with storing usernames/passwords.
- See: Spring Boot: OAuth
Authorization
This is still more of a work in progress in terms of understanding how to do this with Spring Boot. Here are a few resources.
Related topics:
- Spring Boot—A Java web application framework
- Spring Boot: Actuator—Checking the endpoint mappings, health or other info about your Spring Boot app
- Spring Boot: Application Properties—Defining the application.properties
- Spring Boot: ControllerAdvice—A place to factor out common ExceptionHandler, ModelAttribute and InitBinder code across multiple controllers
- Spring Boot: CSV—Downloading and Uploading CSV files with Spring Boot
- Spring Boot: Database Migrations—When you need to make a change to your database schema for an app in progress
- Spring Boot: Heroku—Tips for running Spring Boot applications on Heroku
- Spring Boot: Logging—How to write information to the log in Spring Boot
- Spring Boot: OAuth—How to implement OAuth for authentication in Spring Boot
- Spring Boot: POST and CSRF—If you get 403 forbidden messages when using POST
- Spring Boot: Postgres—Using Spring Boot with Postgres
- Spring Boot: RestTemplate—When you need to access other APIs from the backend of your Spring Boot Application
- Spring Boot: Secrets—Ways of keeping database credentials and OAuth client secrets out of GitHub
- Spring Boot: Security—Authentication, Authorization and other Security issues
- Spring Boot: Sessions—How to make the stateless HTTP protocol stateful
- Spring Boot: SQL—Working with SQL and Databases in Spring Boot
- Spring Boot: VS Code—Suggested VS Code extensions for working with Spring Boot