Spring Security Module 2: OAuth2 and REST

Introduction 21m 18s

In this course we will be using the CRM system from the Spring Remoting course. You don't need experience of REST, this chapter will explain how to set the system up.

Securing a REST Webservice 44m 17s

Adding security to REST is really a case of applying standard Spring Security. We'll use Basic Authentication in this chapter.

An Overview of OAuth 41m 52s

OAuth is not the easiest to understand - in this chapter a very basic (and simplified) overview of OAuth 2.

The Authorization Code Grant Type - Leg 1 32m 40s

We will implement a full OAuth 2 process - this is the first section where the user (resource owner) authenticates and authorizes.

The Authorization Code Grant Type - Leg 2 32m 15s

In Leg 2, we need to authenticate the client

The Authorization Code Grant Type - Leg 3 37m 26s

And in Leg 3, we finally grant access to the resources

The OAuthRestTemplate 22m 2s

This template improves the client's code dramatically!

Additional Scopes 35m 53s

A feature of OAuth is that you can define fine grained scopes - in this chapter we will add a "write" scope.

Other Grant Types 41m 5s

There are other, less secure grant types available in OAuth. When should you use them? We also implement one of the grant types in our project.

HTTPs (TLS/SSL) 55m 17s

How to encrypt the traffic using HTTPs. This is hard work but an essential step.

Module Summary 4m 11s

A preview of what is coming up in Module 3 of this series.

Bonus Chapter - JavaConfig for Security 66m 15s

This bonus chapter has been borrowed from our JavaConfig module - it shows how to use JavaConfig to configure the security aspects of your application, including OAuth.