Spring Security Tutorial
No words about Spring Security.How easy it has been to secure java web applications using spring security. Spring security itself has many modules such as SAML,OAUTH, Spring Cloud Security,LDAP etc.Also, the spring security feature to provide method level and URL level authorization ia very handy.
In the following tutorials, starting from basic authentication we have included JWT authentication as well as OAUTH.
Securing Spring Boot Admin with Spring Security
By Dhiraj , 08 July, 2020 20K
We will discuss adding spring security to the spring boot admin server console and discuss different ways such as basic authentication and JWT authentication to secure our admin console....
Spring Boot Security Custom Form Login Example
By Dhiraj , 07 December, 2016 78K
In any web app, security has always been a great concern. Today, we will be securing our
Spring MVC app using
Spring Security login form feature.To build this application we will be using
Spring boot to build it and hence we will have a complete javaconfig. Using
Spring boot, different boiler plate configurations will be automatically removed. We will also take care of protecting the app against
Cross Site Request Forgery (CSRF) attacks....
Spring Boot Security + REST + Basic Authentication
By Dhiraj , 16 December, 2016 290K
In the last post we tried securing our
Spring MVC app using spring security here.We protected our app against
CSRF attack too. Today we will see how to secure
REST Api using
Basic Authentication with
Spring security features.Here we will be using
Spring boot to avoid basic configurations and complete java config.We will try to perform simple CRUD operation...
Spring Boot Security + Hibernate + Custom Form + Login Example
By Dhiraj , 17 December, 2016 61K
In this post, let us discuss about auhtenticating user present in
spring security with form
login feature. In this course, we will be using
hibernate with integration to
spring to connect to the database. We will continue to use
spring boot features similar to previous posts to avoid common configurations.By using
spring security we will ensure that our app is secured against
Cross Site Request Forgery (CSRF) attacks....
Spring Boot Security Redirect After Login
By Dhiraj , 18 December, 2016 75K
Sometimes it's required to redirect user to different pages
post login based on the role of the user.For example if an user has an
USER role then we want him to be redirected to
/user and similarly to
/admin for users having
ADMIN role.In this post, we will be discussing about how to redirect user to different pages
post login based on the role of the user.We will be implementing
Spring Boot Security Password Encoding using Bcrypt Encoder
By Dhiraj , 17 January, 2017 148K
Today, we will take a look into hashing and encryption techniques to save passwords in the DB in an encrypted way instead of a plain-text.As there are many encoding mechanism supported by spring, We will be using
Bcrypt encoder mechanism provide by
spring security as it is the best encoder available.In the mean time, we will be using
Spring boot to avoid common configurations....
Securing Spring Boot Actuator REST Endpoints with Spring Security
By Dhiraj , 12 February, 2017 84K
This post is about adding spring security to spring boot actuators endpoints. We will be discusing about securing actuator endpoints by using properties file configurations as well as AuthenticationManagerBuilder. Apart from this we will also take a loook into how can we disable restrictions to certain endpoints that...
Spring Boot Security OAuth2 Example(Bcrypt Encoder)
By Dhiraj , 20 October, 2017 289K
In this post we will be discussing about securing REST APIs using Spring Boot Security OAuth2 with an example.We will be implementing AuthorizationServer, ResourceServer and some REST API for different crud operations and test these APIs using Postman.Here we will be using mysql database to read user credentials instead of in-memory authentication.Also, to ease our ORM solution, we will be using spring-data and BCryptPasswordEncoder for password encoding....
Spring Boot Security Jwt Authentication
By Dhiraj , 21 October, 2017 171K
In this post we will be securing our REST APIs with JWT(JSOn Web Token) authentication. We will be using spring boot maven based configuration to develop and secure our APIs. We will be extending OncePerRequestFilter class to define our custom authentication mechanism using JWT.The authentication mechanism can be applied to URLs as well as for methods. And atlast, we will be testing the implementation with google advanced REST client....
Angular 5 JWT Authentication(Spring Boot Security)
By Dhiraj , 01 February, 2018 149K
In this tutorial, we will be adding jwt authentication in an angular5 single page application having backened server supported by spring boot with integration of spring security.Having said that we will have a sample angular5 example application with HttpInterceptor integrated with it to intercept all the HTTP request to add jwt authorization token in the header and in the server we will have some REST endpoints exposed and secured using spring security.The resource will be accessible only if valid jwt token is found in the header.We will be using Mysql DB for persistant storage....
Spring Boot Security Oauth2 Jwt Auth Example
By Dhiraj , 14 March, 2018 134K
In this article, we will be discussing about OAUTH2 implementation with spring boot security and JWT token and securing REST APIs.In my last article of Spring Boot Security OAUTH2 Example, we created a sample application for authentication and authorization using OAUTH2 with default token store but spring security OAUTH2 implementation also provides functionality to define custom token store.Here, we will be creating a sample spring security OAUTH2 application using JwtTokenStore.Using JwtTokenStore as token provider allows us to customize the token generated with TokenEnhancer to add additional claims....
JWT Role Based Authorization with Spring Security
By Dhiraj , 16 May, 2018 166K
In this article, we will be creating a sample REST CRUD APIs and provide JWT role based authorization using spring security to these APIs. We will be using
spring boot 2.0 and
JWT 0.9.0. In the DB, we will have two roles defined as ADMIN and USER with custom UserDetailsService implemented and based on these roles the authorization will be decided. We will be using spring data to perform our CRUD operations and spring provided annotations such as
@EnableGlobalMethodSecurity for authorization....
Spring Boot Security Oauth2 With Angular
By Dhiraj , 19 November, 2018 82K
In this article, we will be creating a sample spring boot application with REST APIs exposed. These REST APIs will be secured with OAUTH2 protocol with JWT as a TokenStore. In the client side, we will be creating an angular 7 based application to consume the REST APIs. Hence, the angular application will first get the OAUTH2 authorization token from an AuthorizationServer and then consume the REST APIs to perform CRUD operation on a User entity. Here we will be using a MySQL database to read user credentials instead of in-memory authentication....
Exception Handling In Spring Security
By Dhiraj Ray , 21 December, 2018 100K
For exception handling in REST, we generally use
@ExceptionHandler in Spring MVC but these handler works if the request is handled by the DispatcherServlet. However, security-related exceptions occur before that as it is thrown by Filters....
Spring Boot OAUTH2 Role-Based Authorization
By Dhiraj , 27 December, 2018 83K
In this article, we will be securing REST APIs with role based OAUTH2 implementation. To do so, we will be creating two custom roles as ADMIN and USER and we will use
@secured annotation provided by spring security to secure our controller methods based on role. To some of the endpoints, we will provide access to ADMIN role and others will be accesible to user having ADMIN and USER role....
Spring Security LDAP Authentication
By Dhiraj , 29 December, 2018 61K
In this tutorial, we will learn about securing our spring boot application with spring security LDAP authentication. We will have multiple users with role-based(ADMIN, USER) entries in an LDIF file and REST APIs exposed with the help of a controller class. Whenever a user tries to access the secured endpoint, the user will be redirected to a login page and after a successful login, the user will be allowed to access the secured APIs....
Add Spring Security Custom Filter
By Dhiraj , 01 January, 2019 64K
While dealing with the security of a web application, every application tends to provide their custom authentication process. Based on the level of security required, the authentication process varies. Any application on the web is required to have an encrypted password flow from a client to a server. Sometimes authentication exception response needs to be altered. But if we are using spring security to secure our app then we have some pre-defined protocols and ways of handling these things. But good thing is that spring security provides flexible implementation to extend and customize this behavior as per our requirement by adding custom filters in the spring security filter chain in the order we want....
Spring Boot Security Google Oauth
By Dhiraj , 13 January, 2019 72K
In this series of tutorial, we will be integrating social login with spring boot application using spring security 5 provided features. In this particular tutorial, we will be adding Google OAuth login and custom registration support in a spring boot app and in coming articles, we will be integrating other social platforms such as facebook, twitter, and Github with it....
Spring Security OAuth2 User Registration
By Dhiraj , 13 January, 2019 44K
In my last article, we developed a spring security 5 OAuth application with google sign in and customized most of the default behavior. In this article, we will take a deeper look into customizing OAuth2 login. We have already added social login support to our app and now we will extend it to have an option for custom user registration or signup using email and password. After successful registration, we should be able to support JWT token-based authentication in the app....
Spring Webflux Rest Basic Authentication
By Dhiraj , 06 June, 2019 38K
With the release of Spring Security 5, one of the new features is the WebFlux for securing reactive applications. In this article, we will be discussing about securing REST endpoints exposed through reactive applications. At first, we will make configuration to use basic authentication
httpBasic() to secure the REST endpoints and then in the next article we will extend this application to provide token-based custom authentication using JWT. The authorization process will be role-based and we will be using method based reactive security using
Securing Spring WebFlux Reactive APIs with JWT Auth
By Dhiraj , 13 August, 2019 53K
In this article, we will learn about securing reactive REST endpoints with spring Webflux security. We will implement token-based authentication and authorization using JWT provider. In addition, we will have REST endpoints for user login and registration too. We do not require any token to access these APIs but all the other APIs to perform different CRUD operations will be secured one. We will have Mongo DB integrated with it to store user details and respective roles to configure a role-based authorization system. All the endpoints in this article will be the functional endpoints and we will be using ReactiveMongoRepository to support reactive repository....