Spring Security Tutorial


Spring Security needs no introduction: it has made securing Java web applications easy. Spring Security itself has many modules, such as SAML, OAuth, Spring Cloud Security, LDAP, etc. Also, the Spring Security feature that provides method-level and URL-level authorization is very handy.

In the following tutorials, starting from basic authentication, we have included JWT authentication as well as OAuth.

Spring Boot Security Oauth2 Jwt Auth Example

By Dhiraj Ray, 14 March, 2018

In this article, we will be discussing an OAuth2 implementation with Spring Boot Security and JWT tokens for securing REST APIs. In my last article, Spring Boot Security OAUTH2 Example, we created a sample application for authentication and authorization using OAuth2 with the default token store, but the Spring Security OAuth2 implementation also provides functionality to define a custom token store. Here, we will be creating a sample Spring Security OAuth2 application using JwtTokenStore. Using JwtTokenStore as the token provider allows us to customize the generated token with a TokenEnhancer to add additional claims...

Angular 5 JWT Authentication(Spring Boot Security)

By Dhiraj Ray, 01 February, 2018

In this tutorial, we will be adding JWT authentication to an Angular 5 single-page application whose backend server is built with Spring Boot and integrated with Spring Security. We will have a sample Angular 5 application with an HttpInterceptor that intercepts all HTTP requests to add the JWT authorization token to the header, and on the server we will have some REST endpoints exposed and secured using Spring Security. The resource will be accessible only if a valid JWT token is found in the header. We will be using a MySQL DB for persistent storage...

Spring Boot Security Jwt Authentication

By Dhiraj Ray, 21 October, 2017

In this post, we will be securing our REST APIs with JWT (JSON Web Token) authentication. We will be using a Spring Boot, Maven-based configuration to develop and secure our APIs. We will be extending the OncePerRequestFilter class to define our custom authentication mechanism using JWT. The authentication mechanism can be applied to URLs as well as to methods. Finally, we will be testing the implementation with the Google Advanced REST Client...

Spring Boot Security OAuth2 Example(Bcrypt Encoder)

By Dhiraj Ray, 20 October, 2017

In this post, we will be discussing how to secure REST APIs using Spring Boot Security OAuth2, with an example. We will be implementing an AuthorizationServer, a ResourceServer and some REST APIs for different CRUD operations, and testing these APIs using Postman. Here we will be using a MySQL database to read user credentials instead of in-memory authentication. Also, to ease our ORM solution, we will be using spring-data, and BCryptPasswordEncoder for password encoding...

Securing Spring Boot Actuator REST Endpoints with Spring Security

By Dhiraj Ray, 12 February, 2017

This post is about adding Spring Security to Spring Boot Actuator endpoints. We will be discussing how to secure actuator endpoints by using properties file configurations as well as AuthenticationManagerBuilder. Apart from this, we will also take a look at how we can disable restrictions on certain endpoints that...

Spring Boot Security Password Encoding using Bcrypt Encoder

By Dhiraj Ray, 17 January, 2017

Today, we will take a look at hashing and encryption techniques to save passwords in the DB in an encrypted way instead of as plain text. As there are many encoding mechanisms supported by Spring, we will be using the Bcrypt encoder mechanism provided by Spring Security, as it is the best encoder available. In the meantime, we will be using Spring Boot to avoid common configurations...

Spring Boot Security Redirect After Login

By Dhiraj Ray, 18 December, 2016

Sometimes it is required to redirect users to different pages after login based on the role of the user. For example, if a user has the USER role, then we want them to be redirected to /user, and similarly to /admin for users having the ADMIN role. In this post, we will be discussing how to redirect users to different pages after login based on the role of the user. We will be implementing AuthenticationSuccessHandler of...

Spring Boot Security + Hibernate + Custom Form + Login Example

By Dhiraj Ray, 17 December, 2016

In this post, let us discuss authenticating users present in the database using Spring Security with the form login feature. In this course, we will be using Hibernate integrated with Spring to connect to the database. We will continue to use Spring Boot features, as in previous posts, to avoid common configurations. By using Spring Security, we will ensure that our app is secured against Cross-Site Request Forgery (CSRF) attacks...

Spring Boot Security + REST + Basic Authentication

By Dhiraj Ray, 16 December, 2016

In the last post, we tried securing our Spring MVC app using Spring Security. We protected our app against CSRF attacks too. Today we will see how to secure a REST API using Basic Authentication with Spring Security features. Here we will be using Spring Boot to avoid basic configurations, with a complete Java config. We will try to perform simple CRUD operation...

Spring Boot Security Custom Form Login Example

By Dhiraj Ray, 07 December, 2016

In any web app, security has always been a great concern. Today, we will be securing our Spring MVC app using the Spring Security login form feature. We will be using Spring Boot to build this application, and hence we will have a complete Java config. Using Spring Boot, different boilerplate configurations will be automatically removed. We will also take care of protecting the app against Cross-Site Request Forgery (CSRF) attacks...