Spring Security Objective Questions with Answers & Explanations

This Spring Security quiz contains carefully curated objective questions with correct answers and clear explanations. It is designed for developers, security learners, and interview preparation, covering authentication, authorization, encryption, JWT, OAuth2, and advanced Spring Security concepts.

Practice Spring Security MCQs with Detailed Explanations

Answer at least 12 questions to submit.

Which of the following is true about the default password storage in Spring Security 5?

Medium

Passwords are stored as plain text

Passwords are hashed using BCrypt

Passwords are encrypted with AES

Passwords are stored using MD5 hash

What is the default HTTP method for CSRF protection in Spring Security?

Easy

GET

POST

PUT

DELETE

Which annotation enables method-level security in Spring Security?

Medium

@EnableWebSecurity

@EnableMethodSecurity

@SecuredMethod

@EnableGlobalAuthentication

In Spring Security, what does the 'ROLE_' prefix signify?

Medium

It is mandatory for defining user authorities

It is optional and used to distinguish roles from other authorities

It is used to encrypt role names

It is a legacy feature no longer used

Which of the following is NOT a standard authentication mechanism supported by Spring Security?

Medium

Form Login

Basic Auth

Digest Auth

Token Auth with JWT

What is the primary purpose of the AuthenticationManager in Spring Security?

Medium

To encrypt user passwords

To authenticate user credentials

To authorize user roles

To handle CSRF tokens

Which interface in Spring Security provides access to the current user’s authentication information?

Medium

SecurityContextHolder

AuthenticationManager

UserDetailsService

GrantedAuthority

Which of the following statements about JWT in Spring Security is correct?

Medium

JWTs are stored on the server

JWTs are self-contained tokens containing user claims

JWTs are encrypted using RSA by default

JWTs cannot expire

What does the @PreAuthorize annotation allow you to do?

Medium

Define URL patterns to secure

Authorize access to methods based on SpEL expressions

Enable CSRF protection

Specify authentication mechanisms

In Spring Security, what is the default behavior when a user is unauthenticated and tries to access a protected resource?

Medium

Returns HTTP 403 Forbidden

Redirects to login page

Throws NullPointerException

Logs out all users

Which PasswordEncoder implementation should be used for maximum compatibility with older Spring Security versions?

Medium

NoOpPasswordEncoder

BCryptPasswordEncoder

Pbkdf2PasswordEncoder

SCryptPasswordEncoder

Which Spring Security filter handles authentication of login credentials?

Medium

UsernamePasswordAuthenticationFilter

BasicAuthenticationFilter

CsrfFilter

SecurityContextPersistenceFilter

How can you disable CSRF protection for a specific endpoint in Spring Security?

Medium

By using @DisableCSRF annotation

By configuring HttpSecurity.csrf().ignoringAntMatchers("/endpoint")

By excluding the endpoint from WebSecurityConfigurerAdapter

CSRF cannot be disabled for specific endpoints

Which method in UserDetailsService loads a user by username?

Medium

findByUsername()

loadUserByUsername()

getUserByUsername()

fetchUser()

Which of the following is true about OAuth2 Resource Server in Spring Security?

High

It issues JWT tokens

It validates incoming JWT tokens

It replaces AuthenticationManager

It disables CSRF protection automatically

Spring Security Objective Questions and Answers

Practice Spring Security MCQs with Detailed Explanations

Which of the following is true about the default password storage in Spring Security 5?

What is the default HTTP method for CSRF protection in Spring Security?

Which annotation enables method-level security in Spring Security?

In Spring Security, what does the 'ROLE_' prefix signify?

Which of the following is NOT a standard authentication mechanism supported by Spring Security?

What is the primary purpose of the AuthenticationManager in Spring Security?

Which interface in Spring Security provides access to the current user’s authentication information?

Which of the following statements about JWT in Spring Security is correct?

What does the @PreAuthorize annotation allow you to do?

In Spring Security, what is the default behavior when a user is unauthenticated and tries to access a protected resource?

Which PasswordEncoder implementation should be used for maximum compatibility with older Spring Security versions?

Which Spring Security filter handles authentication of login credentials?

How can you disable CSRF protection for a specific endpoint in Spring Security?

Which method in UserDetailsService loads a user by username?

Which of the following is true about OAuth2 Resource Server in Spring Security?

Other Objective Questions

Contact Us

Quick Links

Quick Links

Newsletter