Keycloak & Spring Security Bootcamp: Api Auth For News App

Build and Secure REST API for News Application: Hands-On with OAuth 2.0, Postman, JWT, and Role-Based Access Control

What you'll learn

Understand Keycloak's core security features(Functional overview, Basic terminology)

Understand Spring Security's key protection mechanisms(Token-based access control methods, Role-based access control methods)

Understand API authorization mechanism (roles of Keycloak server/client/API)

Develop and secure APIs using Keycloak and Spring Security(Keycloak server OAuth 2.0-based configuration, REST API development, Token/role-based implementation)

Requirements

Basic knowledge of web application development (essential) -

Basic understanding of web security (beneficial, but not mandatory)

Basic knowledge of the Spring Framework (beneficial, but not mandatory)

Description

<Course Overview>Hands-on Experience: Develop a news article retrieval REST API secured by Keycloak and Spring Security using your own PC.Learning Path:Start with the basics of Keycloak and the role of Spring Security.Learn to configure the OAuth 2.0 token issuance flow with Keycloak.Develop a REST API for news article retrieval using Spring.Add token-based and role-based access control.Practical Learning: Gain in-depth knowledge of API authorization through a hands-on approach.<Differences from Other Materials>This course differs from other educational resources (such as books or YouTube video tutorials) in the following ways:It's a self-contained course, eliminating the need for additional internet searches or manual checks.It provides detailed explanations of the reasons and background for each technology and procedure, ensuring you can progress without interruptions.All lecture videos are downloadable, allowing you to study from anywhere.Complete code versions are attached to all hands-on exercises, saving you from troubleshooting coding errors.<Course Content>The course includes the following topics:Course OverviewImportant Notes for This CourseAbout your InstructorCourse Objectives and PrerequisitesKeycloak & Spring Security Hands-onOverview Part 1 - What is Keycloak?Overview Part 2 - Mechanism of API AuthorizationOverview Part 3 - Basic Keycloak TerminologyKeycloak Part 1 - InstallationKeycloak Part 2 - Creating a RealmKeycloak Part 3 - Creating a ClientKeycloak Part 4 - Creating UsersKeycloak Part 5 - Obtaining JSON Web Token (JWT)Spring Part 1 - Creating an Application TemplateSpring Part 2 - API DevelopmentSpring Part 3 - Adding SecuritySpring Part 4 - Application Configuration (Adding OAuth2 Resource Server Settings)Spring Part 5 - API AccessSpring Part 6 - API ModificationSpring Part 7 - JSON Web Token (JWT) ConversionSpring Part 8 - API Authorization Confirmation (Pre-authorization)Spring Part 9 - API ModificationSpring Part 10 - API Authorization Confirmation (In-Method Authorization)

Overview

Section 1: Course Overview

Lecture 1 Important Notes for This Course

Lecture 2 About your Instructor

Lecture 3 Course Objectives and Prerequisites

Section 2: Keycloak & Spring Security Hands-on

Lecture 4 Overview Part 1 - What is Keycloak?

Lecture 5 Overview Part 2 - Mechanism of API Authorization

Lecture 6 Overview Part 3 - Basic Keycloak Terminology

Lecture 7 Keycloak Part 1 - Installation

Lecture 8 Keycloak Part 2 - Creating a Realm

Lecture 9 Keycloak Part 3 - Creating a Client

Lecture 10 Keycloak Part 4 - Creating Users

Lecture 11 Keycloak Part 5 - Obtaining JSON Web Token (JWT)

Lecture 12 Spring Part 1 - Creating an Application Template

Lecture 13 Spring Part 2 - API Development

Lecture 14 Spring Part 3 - Adding Security

Lecture 15 Spring Part 4 - Application Configuration(Adding OAuth2 Resource Server Setting)

Lecture 16 Spring Part 5 - API Access

Lecture 17 Spring Part 6 - API Modification

Lecture 18 Spring Part 7 - JSON Web Token (JWT) Conversion

Lecture 19 Spring Part 8 - API Authorization Confirmation (Pre-authorization)

Lecture 20 Spring Part 9 - API Modification

Lecture 21 Spring Part 10 - API Authorization Confirmation (In-Method Authorization)

Section 3: Bonus Lecture

Lecture 22 Bonus Lecture

Basic knowledge of web application development (essential) - Server-side technology fundamentals (basic Java syntax knowledge/object-oriented concepts) - Basic network knowledge (HTTP methods, status codes, etc.),Basic understanding of web security (beneficial, but not mandatory) - Basic understanding of OAuth 2.0 - Familiarity with terms like stateless/stateful/CSRF,Basic knowledge of the Spring Framework (beneficial, but not mandatory) - Understanding of Dependency Injection (DI) concepts - Familiarity with annotation-based implementation methods