Security and Authentication Sprint
KRW 680,000 · informational list price
Layer Spring Security with JWT and opaque tokens while keeping session stories explicit.
You configure resource servers, method security, and CORS with deliberate defaults. Labs include rotating keys, testing security filters, and documenting threat assumptions for external reviewers. The tone stays operational, not fear-driven.
What you build and study
- Resource server setup with JWT validation
- Method security with custom voters
- Testing anonymous and authenticated flows
- CORS and CSRF decisions documented per route
- Secrets handling with environment contracts
- Audit hooks for sensitive mutations
- Hardening checklist for release readiness
Outcomes
- Ship a secured demo service with test coverage
- Explain token lifetimes to stakeholders
- Identify gaps using a provided review template
Mentor
Rina Cho
Security-focused Spring contributor; emphasizes measurable controls.
Questions
No. You learn developer-led controls and documentation habits, not formal penetration testing.
Labs use a mock issuer plus optional Keycloak instructions for self-hosters.
You can complete most modules with in-memory issuers; production integrations are your responsibility.
Recent reflections
- “Finally a course that talks about key rotation without hand-waving.”
- “Some exercises assumed Linux shells; Windows paths needed extra notes.”