Spring Security Objective Questions with Answers & Explanations

This Spring Security quiz contains carefully curated objective questions with correct answers and clear explanations. It is designed for developers, security learners, and interview preparation, covering authentication, authorization, encryption, JWT, OAuth2, and advanced Spring Security concepts.

Practice Spring Security MCQs with Detailed Explanations

Answer at least 12 questions to submit.

1.

Medium

Which of the following is true about the default password storage in Spring Security 5?

Passwords are stored as plain text

Passwords are hashed using BCrypt

Passwords are encrypted with AES

Passwords are stored using MD5 hash

2.

Easy

What is the default HTTP method for CSRF protection in Spring Security?

GET

POST

PUT

DELETE

3.

Medium

Which annotation enables method-level security in Spring Security?

@EnableWebSecurity

@EnableMethodSecurity

@SecuredMethod

@EnableGlobalAuthentication

4.

Medium

In Spring Security, what does the 'ROLE_' prefix signify?

It is mandatory for defining user authorities

It is optional and used to distinguish roles from other authorities

It is used to encrypt role names

It is a legacy feature no longer used

5.

Medium

Which of the following is NOT a standard authentication mechanism supported by Spring Security?

Form Login

Basic Auth

Digest Auth

Token Auth with JWT

6.

Medium

What is the primary purpose of the AuthenticationManager in Spring Security?

To encrypt user passwords

To authenticate user credentials

To authorize user roles

To handle CSRF tokens

7.

Medium

Which interface in Spring Security provides access to the current user’s authentication information?

SecurityContextHolder

AuthenticationManager

UserDetailsService

GrantedAuthority

8.

Medium

Which of the following statements about JWT in Spring Security is correct?

JWTs are stored on the server

JWTs are self-contained tokens containing user claims

JWTs are encrypted using RSA by default

JWTs cannot expire

9.

Medium

What does the @PreAuthorize annotation allow you to do?

Define URL patterns to secure

Authorize access to methods based on SpEL expressions

Enable CSRF protection

Specify authentication mechanisms

10.

Medium

In Spring Security, what is the default behavior when a user is unauthenticated and tries to access a protected resource?

Returns HTTP 403 Forbidden

Redirects to login page

Throws NullPointerException

Logs out all users

11.

Medium

Which PasswordEncoder implementation should be used for maximum compatibility with older Spring Security versions?

NoOpPasswordEncoder

BCryptPasswordEncoder

Pbkdf2PasswordEncoder

SCryptPasswordEncoder

12.

Medium

Which Spring Security filter handles authentication of login credentials?

UsernamePasswordAuthenticationFilter

BasicAuthenticationFilter

CsrfFilter

SecurityContextPersistenceFilter

13.

Medium

How can you disable CSRF protection for a specific endpoint in Spring Security?

By using @DisableCSRF annotation

By configuring HttpSecurity.csrf().ignoringAntMatchers("/endpoint")

By excluding the endpoint from WebSecurityConfigurerAdapter

CSRF cannot be disabled for specific endpoints

14.

Medium

Which method in UserDetailsService loads a user by username?

findByUsername()

loadUserByUsername()

getUserByUsername()

fetchUser()

15.

High

Which of the following is true about OAuth2 Resource Server in Spring Security?

It issues JWT tokens

It validates incoming JWT tokens

It replaces AuthenticationManager

It disables CSRF protection automatically

Practice Spring Security MCQs with Detailed Explanations

1.

Which of the following is true about the default password storage in Spring Security 5?

2.

What is the default HTTP method for CSRF protection in Spring Security?

3.

Which annotation enables method-level security in Spring Security?

4.

In Spring Security, what does the 'ROLE_' prefix signify?

5.

Which of the following is NOT a standard authentication mechanism supported by Spring Security?

6.

What is the primary purpose of the AuthenticationManager in Spring Security?

7.

Which interface in Spring Security provides access to the current user’s authentication information?

8.

Which of the following statements about JWT in Spring Security is correct?

9.

What does the @PreAuthorize annotation allow you to do?

10.

In Spring Security, what is the default behavior when a user is unauthenticated and tries to access a protected resource?

11.

Which PasswordEncoder implementation should be used for maximum compatibility with older Spring Security versions?

12.

Which Spring Security filter handles authentication of login credentials?

13.

How can you disable CSRF protection for a specific endpoint in Spring Security?

14.

Which method in UserDetailsService loads a user by username?

15.

Which of the following is true about OAuth2 Resource Server in Spring Security?

Other Objective Questions

Contact Us

Quick Links

Quick Links

Newsletter

Spring Security Objective Questions and Answers

Practice Spring Security MCQs with Detailed Explanations

1.

Which of the following is true about the default password storage in Spring Security 5?

2.

What is the default HTTP method for CSRF protection in Spring Security?

3.

Which annotation enables method-level security in Spring Security?

4.

In Spring Security, what does the 'ROLE_' prefix signify?

5.

Which of the following is NOT a standard authentication mechanism supported by Spring Security?

6.

What is the primary purpose of the AuthenticationManager in Spring Security?

7.

Which interface in Spring Security provides access to the current user’s authentication information?

8.

Which of the following statements about JWT in Spring Security is correct?

9.

What does the @PreAuthorize annotation allow you to do?

10.

In Spring Security, what is the default behavior when a user is unauthenticated and tries to access a protected resource?

11.

Which PasswordEncoder implementation should be used for maximum compatibility with older Spring Security versions?

12.

Which Spring Security filter handles authentication of login credentials?

13.

How can you disable CSRF protection for a specific endpoint in Spring Security?

14.

Which method in UserDetailsService loads a user by username?

15.

Which of the following is true about OAuth2 Resource Server in Spring Security?

Other Objective Questions