Spring Security Objective Questions with Answers & Explanations

This Spring Security quiz contains carefully curated objective questions with correct answers and clear explanations. It is designed for developers, security learners, and interview preparation, covering authentication, authorization, encryption, JWT, OAuth2, and advanced Spring Security concepts.

Practice Spring Security MCQs with Detailed Explanations

Answer at least 12 questions to submit.

16.

High

Which of the following filters runs before UsernamePasswordAuthenticationFilter in Spring Security filter chain?

SecurityContextPersistenceFilter

BasicAuthenticationFilter

CsrfFilter

LogoutFilter

17.

Medium

What does the method hasAuthority('ADMIN') check in Spring Security?

Whether the user has role ADMIN

Whether the user has authority ADMIN

Whether the user belongs to group ADMIN

Whether the user is authenticated

18.

Medium

Which of the following statements about Remember-Me functionality is correct?

It stores the password in session

It uses a persistent token or cookie to remember authenticated users

It requires HTTP Basic authentication

It disables CSRF automatically

19.

High

Which authentication manager implementation allows multiple AuthenticationProviders in Spring Security?

ProviderManager

DaoAuthenticationManager

GlobalAuthenticationManager

PreAuthenticatedAuthenticationManager

20.

Medium

What is the default session creation policy in Spring Security?

Always

Never

IfRequired

Stateless

21.

High

Which filter validates JWT tokens for REST APIs in Spring Security?

BasicAuthenticationFilter

UsernamePasswordAuthenticationFilter

OncePerRequestFilter

CsrfFilter

22.

High

What is the purpose of SecurityContextHolder in a multi-threaded environment?

To store authentication in a thread-safe manner

To encrypt user credentials

To manage CSRF tokens globally

To enable OAuth2 authentication

23.

High

Which of the following statements about @PostAuthorize is correct?

It is evaluated before method execution

It is evaluated after method execution

It disables CSRF

It configures session management

24.

Medium

Which encryption algorithm is recommended for storing passwords in Spring Security?

BCrypt

AES

RSA

MD5

25.

Medium

Which Spring Security component handles logout requests automatically?

LogoutFilter

LogoutHandler

SecurityContextHolder

AuthenticationManager

26.

High

In a stateless REST API using Spring Security, which SessionCreationPolicy is recommended?

IF_REQUIRED

ALWAYS

NEVER

STATELESS

27.

High

Which of the following is true for OAuth2 Authorization Server in Spring Security?

It issues access tokens to clients

It validates JWT tokens for resources

It handles method-level security

It encrypts passwords for users

28.

High

Which of the following is true about SecurityContextPersistenceFilter?

It is responsible for CSRF validation

It loads and stores SecurityContext from session

It authenticates users

It encrypts JWT tokens

29.

Medium

Which annotation in Spring Security restricts method access to users with specific roles?

@Secured

@PreAuthorize

@PostAuthorize

@RolesAllowed

30.

Medium

What is the default behavior of BasicAuthenticationFilter?

Processes form login requests

Processes HTTP Basic authentication headers

Validates JWT tokens

Handles logout requests

Practice Spring Security MCQs with Detailed Explanations

16.

Which of the following filters runs before UsernamePasswordAuthenticationFilter in Spring Security filter chain?

17.

What does the method hasAuthority('ADMIN') check in Spring Security?

18.

Which of the following statements about Remember-Me functionality is correct?

19.

Which authentication manager implementation allows multiple AuthenticationProviders in Spring Security?

20.

What is the default session creation policy in Spring Security?

21.

Which filter validates JWT tokens for REST APIs in Spring Security?

22.

What is the purpose of SecurityContextHolder in a multi-threaded environment?

23.

Which of the following statements about @PostAuthorize is correct?

24.

Which encryption algorithm is recommended for storing passwords in Spring Security?

25.

Which Spring Security component handles logout requests automatically?

26.

In a stateless REST API using Spring Security, which SessionCreationPolicy is recommended?

27.

Which of the following is true for OAuth2 Authorization Server in Spring Security?

28.

Which of the following is true about SecurityContextPersistenceFilter?

29.

Which annotation in Spring Security restricts method access to users with specific roles?

30.

What is the default behavior of BasicAuthenticationFilter?

Other Objective Questions

Contact Us

Quick Links

Quick Links

Newsletter

Spring Security Objective Questions and Answers

Practice Spring Security MCQs with Detailed Explanations

16.

Which of the following filters runs before UsernamePasswordAuthenticationFilter in Spring Security filter chain?

17.

What does the method hasAuthority('ADMIN') check in Spring Security?

18.

Which of the following statements about Remember-Me functionality is correct?

19.

Which authentication manager implementation allows multiple AuthenticationProviders in Spring Security?

20.

What is the default session creation policy in Spring Security?

21.

Which filter validates JWT tokens for REST APIs in Spring Security?

22.

What is the purpose of SecurityContextHolder in a multi-threaded environment?

23.

Which of the following statements about @PostAuthorize is correct?

24.

Which encryption algorithm is recommended for storing passwords in Spring Security?

25.

Which Spring Security component handles logout requests automatically?

26.

In a stateless REST API using Spring Security, which SessionCreationPolicy is recommended?

27.

Which of the following is true for OAuth2 Authorization Server in Spring Security?

28.

Which of the following is true about SecurityContextPersistenceFilter?

29.

Which annotation in Spring Security restricts method access to users with specific roles?

30.

What is the default behavior of BasicAuthenticationFilter?

Other Objective Questions