A collection of Spring Security 5.7+ challenges; Part of a Spring Security blog series, and closely linked to the Spring Security Samples repository.

The project is divided into separate submodules, each of which demonstrates a single feature in isolation. While submodules can be combined to form a larger solution, we thought separating the functionality would make it easier to comprehend and extend.

All feedback much appreciated!

In order to participate, you will need the following:

• Basic Spring knowledge

• Java 8, 11, or 17+

• IDE of your choice

• Lombok IDE plugin

• curl or httpie

• docker-compose, for Keycloak (optional)

1. Clone this Git repository.

   git clone https://github.com/timtebeek/spring-security-workshop.git

2. Verify the tests for the adding-spring-security module (only).

   ./mvnw -B verify --file adding-spring-security/pom.xml

3. The other modules will have failing tests, as their implementation is (intentionally) incomplete. It’s up to you to implement the functionality to fix the tests!

4. If you are new to Spring Security, start with Adding Spring Security!

5. Once you have completed the basics, continue with any of the other modules.

1. Adding Spring Security: Secure an existing application. Start here!

2. Auditing Spring Data Entities: Automatically track who modifies an entry, and when.

3. Securing Spring Data Queries: Limit your query results to the active user.

4. Custom Access Decision Voter: Restrict which users can access what objects.

5. Custom Permission Evaluator: Separate read and write permissions on objects.

6. Spring Cloud Gateway with OpenID Connect and TokenRelay: Route requests through a gateway.