Spring Security is the central framework for authentication and authorization in Spring applications. It is highly configurable and extensible and is considered the de facto standard for secure Java enterprise applications.
In this intensive 2-day training course, you will build a deep understanding of the most important concepts of Spring Security step by step. From the basics of authentication and authorization to modern protocols such as OAuth 2.0 and OpenID Connect, you will learn how to integrate robust security mechanisms into your applications.
The focus is on practical, hands-on sessions in which you will directly apply and deepen your knowledge of the topics using a realistic sample application.
Agenda
Day 1: Fundamentals & Authentication
Introduction to Spring Security
Importance of security in applications
Architecture and filter chain
Authentication & Authorization
Differences & Implementation
Access Control with Roles & Permissions
Configuring Spring Security
Security Configuration with Java & Annotations
Setting Up a Simple Security Configuration
User Authentication
In-Memory and Database Backends
Password Handling & Encryption
Session Management & CSRF Protection
Day 2: Advanced Topics & Integration
Custom Authentication
Custom Authentication Providers
Extending the Security Context
Authentication Mechanisms
Form-Based Authentication
Token-Based Methods (JWT)
OAuth 2.0 & OpenID Connect
Basics & flows
Integration in Spring Security
Identity providers with Keycloak
Single sign-on (SSO)
Integration in Spring Boot
Upgrade to Spring Security 6.5 & 7.0
Important new features & migration steps
Best practices & Q&A
Your Benefits
In-depth knowledge of authentication, authorization, and modern security protocols
Practical experience with the latest features of Spring Security 6.5 and 7.0
Hands-on labs with direct transfer to your own projects
Tips, tricks, and best practices from real-world experience
Audience
Software developers, architects, and IT professionals who work with Spring or Java and want to deepen their knowledge of security.
Prerequisites
Experience in developing Spring or Java applications
Laptop with development environment (IntelliJ, Eclipse, VS Code)
Maven & current Java version
Internet access & permission to install software
Training Objectives
Understand the basic principles of Spring Security.
Implement authentication and authorization concepts.
Implement security configurations in Spring Boot.
Apply session management and CSRF protection.
Implement token-based authentication (e.g., JWT).
Integrate OAuth 2.0 and OpenID Connect into Spring Security.
Patrick Baumgartner is a Java Champion, passionate software crafter, and technical agile coach at 42talents. He supports teams in building elegant, robust solutions and specializes in cloud software with Java, the Spring ecosystem, and other open-source technologies.
As an active member of the Swiss communities for software craft, Java, and Agile, he regularly shares his knowledge. He values practical collaboration, experimentation, and continuous improvement—and prefers to learn together with others.