spring-security-workshop

spring-security-workshop copied to clipboard

= Spring Security Workshop

:author: JDriven B.V. :doctype: book :toc: :toclevels: 3 :sectnums: :source-highlighter: highlightjs :icons: font :imagesdir: ./images :experimental: ifdef::env-github[:outfilesuffix: .adoc]

ifdef::env-github,env-browser[] :caution-caption: :fire: :important-caption: :exclamation: :note-caption: :paperclip: :tip-caption: :bulb: :warning-caption: :warning: endif::[]

ifndef::env-github,env-browser[] IMPORTANT: An always updated version of this document is https://github.com/JDriven/spring-security-workshop/blob/gh-pages/ebook.pdf[available here] as a PDF e-book. endif::[]

A collection of Spring Security 5.7+ challenges; Part of a https://github.com/timtebeek/spring-security-samples[Spring Security blog series], and closely linked to the https://github.com/timtebeek/spring-security-samples[Spring Security Samples repository].

The project is divided into separate submodules, each of which demonstrates a single feature in isolation. While submodules can be combined to form a larger solution, we thought separating the functionality would make it easier to comprehend and extend.

https://forms.gle/TsYonMZye3w3iQFQ7[All feedback much appreciated]!

== Requirements

In order to participate, you will need the following:

• Basic Spring knowledge
• Java 17+
• IDE of your choice
• https://projectlombok.org/[Lombok IDE plugin]
• https://curl.se/[curl] or https://httpie.io/[httpie] or IntelliJ HTTP Client
• docker-compose, for Keycloak (optional)

TIP: Use https://sdkman.io/ or https://scoop-docs.vercel.app/ to easily install Java.

== Getting started

1. Clone this Git repository.

git clone https://github.com/jdriven/spring-security-workshop.git

2. Verify the tests for the adding-spring-security module (only).

./mvnw -B verify --file adding-spring-security/pom.xml

3. The other modules will have compilation failures or failing tests, as their implementation is (intentionally) incomplete. It's up to you to implement the functionality to fix the tests!

4. If you are new to Spring Security, start with link:adding-spring-security/README.adoc[Adding Spring Security]!

5. Once you have completed the basics, continue with any of the other modules.

ifdef::env-github[] == Submodules

. link:adding-spring-security/[Adding Spring Security]: Secure an existing application. Start here! . link:audit-spring-data-entities/[Auditing Spring Data Entities]: Automatically track who modifies an entry, and when. . link:limit-spring-data-queries/[Securing Spring Data Queries]: Limit your query results to the active user. . link:access-decision-voter/[Custom Access Decision Voter]: Restrict which users can access what objects. . link:permission-evaluator/[Custom Permission Evaluator]: Separate read and write permissions on objects. . link:spring-cloud-gateway-oidc-tokenrelay/[Spring Cloud Gateway with OpenID Connect and TokenRelay]: Route requests through a gateway.

endif::[]

ifndef::env-github[] include::adding-spring-security/README.adoc[leveloffset=+1] include::audit-spring-data-entities/README.adoc[leveloffset=+1] include::limit-spring-data-queries/README.adoc[leveloffset=+1] include::access-decision-voter/README.adoc[leveloffset=+1] include::permission-evaluator/README.adoc[leveloffset=+1 include::spring-cloud-gateway-oidc-tokenrelay/README.adoc[leveloffset=+1] endif::[]