What is Spring Security

Spring Security is a mechanism for applying security on top of a web application or a set of microservices. It provides authentication and authorization to the application using plain servlet filters, and it can be used to secure URLs. In short, Spring Security is a security framework that secures Java EE (J2EE) based enterprise applications by providing powerful, customizable security features such as authentication and authorization.

Spring Security core concepts

  1. Authentication
  2. Authorization
  3. Password Storage
  4. Servlet Filters

Let's understand each concept one by one.

1. Authentication

Authentication verifies who you are: a user proves their identity to the application by presenting valid credentials. In other words, authentication establishes the identity of a principal (a user or a system that can perform an action in the application).

2. Authorization

Authorization checks whether a specific, already authenticated user has the right to perform an action on a resource, before the user is allowed to access that resource. It is the process of access control: deciding whether a given user is permitted to carry out a particular action.
Example:

  1. A normal customer has only limited permissions to carry out certain operations. We do not want to allow this customer to perform other operations, such as adding or removing products from the e-commerce website, and we will not allow customers to perform any admin-related activities.
  2. In the e-commerce website, the Product Manager is only able to access the products page.
  3. The E-commerce Manager is only able to access customer and order management.
  4. The Admin can perform every action in the e-commerce website.

3. Password Storage

Making sure that stored passwords are secure and difficult to crack is another primary goal of any security framework. Spring Security's PasswordEncoder interface performs a one-way transform of the password (the stored value cannot be decrypted back to the plaintext). Spring Security provides several PasswordEncoder implementations; here is a list for your reference:

  1. BCryptPasswordEncoder
  2. Argon2PasswordEncoder
  3. Pbkdf2PasswordEncoder
  4. SCryptPasswordEncoder
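The authorization example above (customer, product manager, e-commerce manager and admin roles) and the one-way password storage described here come together in a single Spring Security configuration. The following is an added example written for this page, not code from the original post or from the Spring project; the role names, user names, passwords and URL paths are assumptions chosen to match the text, and the users are kept in memory only for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class EcommerceSecurityConfig {

    // One-way hashing: the stored value cannot be reversed to the plaintext,
    // so a leaked user table does not directly expose passwords.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Hypothetical users for the four roles named in the text. A real deployment
    // loads these from a user store; passwords are encoded before being stored.
    @Bean
    public UserDetailsService userDetailsService(PasswordEncoder encoder) {
        return new InMemoryUserDetailsManager(
            User.withUsername("alice").password(encoder.encode("customer-pw")).roles("CUSTOMER").build(),
            User.withUsername("bob").password(encoder.encode("pm-pw")).roles("PRODUCT_MANAGER").build(),
            User.withUsername("carol").password(encoder.encode("em-pw")).roles("ECOMMERCE_MANAGER").build(),
            User.withUsername("dave").password(encoder.encode("admin-pw")).roles("ADMIN").build());
    }

    // Authorization rules: who may reach which URLs. Rules are evaluated in order,
    // so the most specific paths come first and anyRequest() acts as the default.
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .requestMatchers("/products/**").hasAnyRole("PRODUCT_MANAGER", "ADMIN")
                .requestMatchers("/customers/**", "/orders/**").hasAnyRole("ECOMMERCE_MANAGER", "ADMIN")
                .requestMatchers("/catalog/**", "/cart/**").hasAnyRole("CUSTOMER", "ADMIN")
                .anyRequest().authenticated())          // everything else: any logged-in user
            .formLogin(Customizer.withDefaults());       // CSRF protection stays enabled by default
        return http.build();
    }
}
```

With this configuration a request to /products/ from "alice" (CUSTOMER) is rejected with 403, while the same request from "bob" or "dave" succeeds; an unauthenticated request to any path is redirected to the login form.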

4. Servlet Filters

Spring Security uses Java servlet filters to run its security checks on every request to the web application, before the request reaches the application code.

Advantages of Spring security

Here are some important advantages of Spring Security:

  1. Servlet API integration.
  2. Extensible support for both authentication and authorization.
  3. Protection against attacks such as session fixation and clickjacking.
  4. Spring MVC integration.
  5. Ability to secure the application against brute-force attacks.
  6. Portability.
  7. Protection against CSRF attacks.
  8. Java configuration support.