Spring Security Objective Questions with Answers & Explanations

This Spring Security quiz contains carefully curated objective questions with correct answers and clear explanations. It is designed for developers, security learners, and interview preparation, covering authentication, authorization, encryption, JWT, OAuth2, and advanced Spring Security concepts.

Practice Spring Security MCQs with Detailed Explanations

Answer at least 12 questions to submit.

31.

High

Which interface allows creating custom access decision logic in Spring Security?

AccessDecisionManager

AuthenticationManager

GrantedAuthority

SecurityContextHolder

32.

High

Which annotation is used to define role hierarchy in Spring Security?

@EnableRoleHierarchy

@RoleHierarchy

@PreAuthorize

@Secured

33.

High

Which statement about ConcurrentSessionControlAuthenticationStrategy is true?

It prevents multiple sessions for the same user

It handles JWT validation

It encrypts passwords

It manages CSRF tokens

34.

High

Which of the following is true for OAuth2 Client in Spring Security?

It validates JWT tokens

It requests access tokens from Authorization Server

It replaces AuthenticationManager

It disables CSRF

35.

Medium

Which of the following is a correct way to store JWT in stateless REST APIs?

HTTP Session

HttpOnly Cookie or Authorization Header

Server-side database only

Plain text in localStorage without encoding

36.

Medium

Which class in Spring Security is used to represent a user with username, password, and authorities?

User

UserDetails

Authentication

GrantedAuthority

37.

High

Which of the following statements about CSRF token repository is correct?

It stores JWT tokens

It generates and stores CSRF tokens for client requests

It validates user credentials

It stores passwords securely

38.

High

What is the difference between @PreAuthorize and @Secured?

@PreAuthorize can use SpEL expressions, @Secured cannot

@Secured can use SpEL expressions, @PreAuthorize cannot

Both are identical in functionality

Neither is used for method security

39.

High

Which filter in Spring Security handles access-denied exceptions?

ExceptionTranslationFilter

BasicAuthenticationFilter

CsrfFilter

LogoutFilter

40.

High

Which component allows dynamic permission checks for URLs at runtime in Spring Security?

FilterInvocationSecurityMetadataSource

AuthenticationManager

GrantedAuthority

UserDetailsService

41.

Medium

Which method in Authentication object returns the granted authorities?

getRoles()

getAuthorities()

getPermissions()

getCredentials()

42.

High

What is the purpose of DelegatingPasswordEncoder in Spring Security 5?

It allows multiple password encoding algorithms and selects by prefix

It delegates authentication to external OAuth2 provider

It encrypts JWT tokens

It manages CSRF tokens

43.

High

Which statement is true about PreAuthenticatedAuthenticationProvider?

It handles JWT token authentication

It authenticates users already authenticated by an external system

It encrypts passwords

It manages CSRF tokens

44.

High

Which of the following is true about SecurityFilterChain in Spring Security 5.7+?

It replaces WebSecurityConfigurerAdapter

It is used to encrypt JWT tokens

It handles CSRF tokens only

It is optional and deprecated

45.

High

Which approach allows combining multiple AuthenticationProviders in Spring Security for a single application?

ProviderManager with a list of AuthenticationProviders

DelegatingPasswordEncoder

SecurityContextHolder

BasicAuthenticationFilter

Practice Spring Security MCQs with Detailed Explanations

31.

Which interface allows creating custom access decision logic in Spring Security?

32.

Which annotation is used to define role hierarchy in Spring Security?

33.

Which statement about ConcurrentSessionControlAuthenticationStrategy is true?

34.

Which of the following is true for OAuth2 Client in Spring Security?

35.

Which of the following is a correct way to store JWT in stateless REST APIs?

36.

Which class in Spring Security is used to represent a user with username, password, and authorities?

37.

Which of the following statements about CSRF token repository is correct?

38.

What is the difference between @PreAuthorize and @Secured?

39.

Which filter in Spring Security handles access-denied exceptions?

40.

Which component allows dynamic permission checks for URLs at runtime in Spring Security?

41.

Which method in Authentication object returns the granted authorities?

42.

What is the purpose of DelegatingPasswordEncoder in Spring Security 5?

43.

Which statement is true about PreAuthenticatedAuthenticationProvider?

44.

Which of the following is true about SecurityFilterChain in Spring Security 5.7+?

45.

Which approach allows combining multiple AuthenticationProviders in Spring Security for a single application?

Other Objective Questions

Contact Us

Quick Links

Quick Links

Newsletter

Spring Security Objective Questions and Answers

Practice Spring Security MCQs with Detailed Explanations

31.

Which interface allows creating custom access decision logic in Spring Security?

32.

Which annotation is used to define role hierarchy in Spring Security?

33.

Which statement about ConcurrentSessionControlAuthenticationStrategy is true?

34.

Which of the following is true for OAuth2 Client in Spring Security?

35.

Which of the following is a correct way to store JWT in stateless REST APIs?

36.

Which class in Spring Security is used to represent a user with username, password, and authorities?

37.

Which of the following statements about CSRF token repository is correct?

38.

What is the difference between @PreAuthorize and @Secured?

39.

Which filter in Spring Security handles access-denied exceptions?

40.

Which component allows dynamic permission checks for URLs at runtime in Spring Security?

41.

Which method in Authentication object returns the granted authorities?

42.

What is the purpose of DelegatingPasswordEncoder in Spring Security 5?

43.

Which statement is true about PreAuthenticatedAuthenticationProvider?

44.

Which of the following is true about SecurityFilterChain in Spring Security 5.7+?

45.

Which approach allows combining multiple AuthenticationProviders in Spring Security for a single application?

Other Objective Questions