Authentication — Practical Demo
Hands-on code examples for Spring Security authentication — UserDetailsService, BCrypt, custom login endpoint, and accessing the current user.
Hands-on examples for Spring Security authorization — URL rules, @PreAuthorize, SpEL expressions, ownership checks, and testing access control.
Hands-on examples for CSRF protection and CORS configuration in Spring Boot — Cookie-based CSRF for SPAs, production CORS setup, fixing the preflight 401 problem, and testing with MockMvc.
How Spring Security prevents Cross-Site Request Forgery attacks with CSRF tokens, when to disable CSRF for REST APIs, and how to configure CORS for Single-Page Applications talking to Spring Boot backends.
Hands-on examples for JWT authentication in Spring Boot — generating tokens, validating with Spring Security's resource server, custom claims, and refresh token pattern.
JSON Web Token structure, signing (symmetric vs. asymmetric), validation, and how to wire stateless JWT authentication into a Spring Boot REST API using Spring Security's OAuth2 Resource Server support.
Hands-on examples for OAuth2 and OpenID Connect in Spring Boot — social login, resource server with external auth server, client credentials for microservices, and accessing OIDC user info.
OAuth2 authorization flows, the resource server and authorization server patterns, OpenID Connect identity layer, and how to configure Spring Boot as an OAuth2 client and resource server.
Hands-on code examples and step-by-step walkthroughs for Spring Security's filter chain configuration.
Authentication, authorization, OAuth2, JWT, filter chains, CSRF, and CORS for Spring Boot applications.
How Spring Security authenticates users — UserDetailsService, PasswordEncoder, AuthenticationManager, and the authentication flow from credentials to SecurityContext.
How Spring Security enforces access control — URL-based rules with requestMatchers, method-level security with @PreAuthorize and @Secured, and the role vs. authority distinction.
How Spring Security's ordered chain of servlet filters intercepts every HTTP request and applies authentication and authorization before the request reaches your controller.
Consolidated interview Q&A for Spring Security covering filter chain, authentication, authorization, JWT, OAuth2, CSRF, and CORS — beginner through advanced.
Quick-reference summary of Spring Security's filter chain, authentication, authorization, JWT, OAuth2, CSRF, and CORS — key concepts, annotations, and interview questions at a glance.