This repository contains the code for the PluralSight course as it is developed along the various modules of the course.
The course is written and presented in Kotlin, but Java developers can also find the Java version of the relevant code in this repo.
All the Kotlin code is for the course is in the kotlin
branch, and each demo of the course is labeled with a tag, as follows
- Manually Securing a CLI Application
module2startGetting Familiar with unsecured NekoShlinkmodule2step1Securing the CLI with API keys and hard-coded userbase
- Adding Authentication to a RESTful API with Spring Security and Spring Boot
module3step1Securing the Shlink Compatibility API with API keysmodule3step2Enabling TLS in a Spring Boot applicationmodule3step3Enabling mTLS in a Spring Boot applicationmodule3step4Opening up access to the Open API endpoints
- Creating and Maintaining a User Base for your RESTful API
module4step1X.509 certificates with hard-coded userbasemodule4step2Configuring the HTTP Basic and Form-based challenges
- Implementing OIDC Authentication with KeyCloak
module5step1OIDC authentication with Spring Auth Servermodule5step2OIDC authentication with KeyCloakmodule5step3Example third-party NekoShlink dashboard with KeyCloak
- Adding Authorization to the RESTful API Endpoints
module6step1Configuring fine-grained authorization for HTTP endpointsmodule6step2Simplifying authorization expressions with role hierarchies
- Adding Authorization to the Business Logic Services
module7step1Method-level authorization for HTTP endpointsmodule7step2Method-level authorization on data access layermodule7step3Access control annotations and no more controls in front-endsmodule7step4Delegation with RunAs (solving access issues in anonymous code)
- Auditing Access to the Application
module8step1Authentication logging with Spring Security eventsmodule8step2Spring Actuator audit eventsmodule8step3JPA callbacks and Spring Data auditingmodule8step4v1Setting up historic data change audit (with Envers)module8step4v2Setting up historic data change audit (with JaVers)
Java code is provided for all relevant artefacts to the course in the java
branch, and each demo of the course is labeled with a tag, as follows
- Manually Securing a CLI Application
javamod2startGetting Familiar with unsecured NekoShlinkjavamod2step1Securing the CLI with API keys and hard-coded userbase
- Adding Authentication to a RESTful API with Spring Security and Spring Boot
javamod3step1Securing the Shlink Compatibility API with API keysjavamod3step2Enabling TLS in a Spring Boot applicationjavamod3step3Enabling mTLS in a Spring Boot applicationjavamod3step4Opening up access to the Open API endpoints
- Creating and Maintaining a User Base for your RESTful API
javamod4step1X.509 certificates with hard-coded userbasejavamod4step2Configuring the HTTP Basic and Form-based challenges
- Implementing OIDC Authentication with KeyCloak
javamod5step1OIDC authentication with Spring Auth Serverjavamod5step2OIDC authentication with KeyCloakjavamod5step3Example third-party NekoShlink dashboard with KeyCloak
- Adding Authorization to the RESTful API Endpoints
javamod6step1Configuring fine-grained authorization for HTTP endpointsjavamod6step2Simplifying authorization expressions with role hierarchies
- Adding Authorization to the Business Logic Services
javamod7step1Method-level authorization for HTTP endpointsjavamod7step2Method-level authorization on data access layerjavamod7step3Access control annotations and no more controls in front-endsjavamod7step4Delegation with RunAs (solving access issues in anonymous code)
- Auditing Access to the Application
javamod8step1Authentication logging with Spring Security eventsjavamod8step2Spring Actuator audit eventsjavamod8step3JPA callbacks and Spring Data auditingjavamod8step4v1Setting up historic data change audit (with Envers)javamod8step4v2Setting up historic data change audit (with JaVers)