A collection of Spring Security 5.7+ challenges; Part of a Spring Security blog series, and closely linked to the Spring Security Samples repository.
The project is divided into separate submodules, each of which demonstrates a single feature in isolation. While submodules can be combined to form a larger solution, we thought separating the functionality would make it easier to comprehend and extend.
In order to participate, you will need the following:
-
Basic Spring knowledge
-
Java 17+
-
IDE of your choice
-
docker-compose, for Keycloak (optional)
|
💡
|
Use https://sdkman.io/ or https://scoop-docs.vercel.app/ to easily install Java. |
-
Clone this Git repository.
git clone https://github.com/jdriven/spring-security-workshop.git
-
Verify the tests for the
adding-spring-securitymodule (only)../mvnw -B verify --file adding-spring-security/pom.xml
-
The other modules will have compilation failures or failing tests, as their implementation is (intentionally) incomplete. It’s up to you to implement the functionality to fix the tests!
-
If you are new to Spring Security, start with Adding Spring Security!
-
Once you have completed the basics, continue with any of the other modules.
-
Adding Spring Security: Secure an existing application. Start here!
-
Auditing Spring Data Entities: Automatically track who modifies an entry, and when.
-
Securing Spring Data Queries: Limit your query results to the active user.
-
Custom Access Decision Voter: Restrict which users can access what objects.
-
Custom Permission Evaluator: Separate read and write permissions on objects.
-
Spring Cloud Gateway with OpenID Connect and TokenRelay: Route requests through a gateway.