This is a hands-on workshop on securing a reactive Spring Boot 2.x based web application using Spring Security 5.x.

Presentation Slides (Online)

Topics that will be covered by this workshop are:

• Reactive Streams Programming with Project Reactor and Spring WebFlux
• OWASP Top 10 Application Security Risks 2017
• Base concepts of Spring Security 5 (i.e. Security Web Filter Chain)
• Authentication
• Authorization
• Secure password encoding and encoding upgrades
• Security Headers
• Coverage of common security challenges like
  • Session fixation
  • CSRF
  • SQL injection
  • XSS
• Automated security testing
• OAuth 2.0 and OpenID Connect 1.0

To start the workshop you need:

• Java JDK version 11 or 17
• A Java IDE (Eclipse, STS, IntelliJ, VS Code, NetBeans, ...)
• Postman, Httpie, or Curl for REST calls
• MongoDB Compass or Robo 3T to look inside the embedded MongoDB instance
• The workshop tutorial documentation (html or pdf)
• The initial reactive application to be made secure
• The REST API documentation of the initial reactive application

Please follow the setup guide to get your machine ready for this workshop.

The workshop is split up into the following parts:

• Basic Security
  • Lab 1: Auto Configuration
  • Lab 2: Customize Authentication
  • Lab 3: Add Authorization
  • Lab 4: Security Testing
• OAuth 2.0 / OpenID Connect
  • Lab 5: Resource Server
  • Lab 6: Client

Apache 2.0 licensed

Copyright (c) by 2019-2021 Andreas Falk