There are many aspects of security. Here are two:
- Authentication: Making sure the user is who they say they are.
- Authorization: Making sure the user can only do what they are allowed to do.
There are other aspects too, such as preventing cross-site scripting and denial-of-service attacks, to name a couple.
As we explore those in the context of Spring Boot, we’ll add resources to this page.
Authentication
- In this course, we generally handle this with OAuth.
- That way we don’t have to deal with storing usernames/passwords.
- See: Spring Boot: OAuth
Authorization
This is still more of a work in progress in terms of understanding how to do this with Spring Boot. Here are a few resources.