Sumit Gole, profile picture
Uploaded bySumit Gole
PDF, PPTX1,278 views

Spring Security

The document discusses the basic steps for configuring Spring Security: 1. Set dependencies and create a WebSecurityConfigurerAdapter configuration class 2. Configure authentication using in-memory, JDBC, or LDAP 3. Ensure the security configuration is loaded by registering WebSecurityConfiguration 4. Configure the springSecurityFilterChain by extending AbstractSecurityWebApplicationInitializer It provides code examples for configuring different authentication types and securing different URL patterns.

Technology
Related topics:
Web Security Overview

Embed presentation

Download as PDF, PPTX
Spring Security Basic Steps & Configuration Sumit Sinhmar Gole
Spring Security Spring uses servlet filter as base framework to secure the web requests. Spring security in Spring 3.2 is divided into 11 modules. The basic web security is consist of four basic steps: 1. Setting dependencies. 2. Getting Spring Security configuration. 3. Ensuring the Security configuration is loaded. 4. Configure the springSecurityFilterChain.
Spring Security ● Step 1: Setting up the dependencies using Maven. ● Step 2: Getting Spring Security configuration – Background Process: The Security configuration creates a servler filter known as 'springSecurityFilterChain' which enables the URL security, validation of user and password. – '@EnableWebSecurity' annotatiion combined with 'WebSecurityConfigurerAdapter' to provide the web security.
Spring Security In Memory Authentication: @Configuration @EnableWebSecurity public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) {auth .inMemoryAuthentication() .withUser("user").password("password").roles("USER"); } }
Spring Security ● JDBC Authentication: @Autowired private DataSource dataSource; @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .jdbcAuthentication() .dataSource(dataSource) .withDefaultSchema() .withUser("user").password("password").roles("USER").and() .withUser("admin").password("password").roles("USER", "ADMIN"); }
Spring Security ● LDAP Authentication: @Autowired private DataSource dataSource; @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .ldapAuthentication() .userDnPatterns("uid={0},ou=people") .groupSearchBase("ou=groups"); }
Spring Security Multiple HttpSecurity: @EnableWebSecurity public class MultiHttpSecurityConfig { @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) { 1 auth .inMemoryAuthentication() .withUser("user").password("password").roles("USER").and() .withUser("admin").password("password").roles("USER", "ADMIN"); }
Spring Security @Configuration @Order(1) ● public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/api/**") .authorizeRequests() .anyRequest().hasRole("ADMIN") .and() .httpBasic(); } } ● Here @Order specify which WebSecurityConfigurerAdapter should be considered first. ● The http.antMatcher states that this HttpSecurity will only be applicable to URLs that start with /api/.
Spring Security @Configuration 4 public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .and() .formLogin(); } } } ● If URL does not start with /api then this configuration would be used.
Spring Security ● The above changes perform the following steps: – Before accessing any URL, the authentication is performed for User and Password. In addition we can specify the role. – This enables the BASIC and Form Based Authentication. – Spring security will automatically render the login and success page automatically.
Spring Security ● Step 3: Ensuring the Security configuration is loaded. This can be done by including 'WebSecurityConfiguration' in applicationContext. In other words register the springSecurityFilterChain with the war. ● In Java: (without Existing Spring) public class SpringWebMvcInitializer extends AbstractAnnotationConfigDispatcherServletInitializer { @Override protected Class<?>[] getRootConfigClasses() { return new Class[] { WebSecurityConfiguration.class }; } ... }
Spring Security ● (with Spring MVC) public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { }
Spring Security ● Step 4: Configure the springSecurityFilterChain. – This can be done by extending ' AbstractSecurityWebApplicationInitializer' and optionally overriding methods to customize the mapping. – (The 'AbstractSecurityWebApplicationInitializer' class is used to registers the DelegatingFilterProxy to use the springSecurityFilterChain before any other registered Filter.)
Spring Security public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { }

More Related Content

PPTX
Spring Security 5
byJesus Perez Franco
 
PPTX
Spring Security
byBoy Tech
 
PDF
Spring Security
byKnoldus Inc.
 
PPTX
Spring security
bySaurabh Sharma
 
PDF
Spring Framework - Spring Security
byDzmitry Naskou
 
PDF
API Security Best Practices and Guidelines
byWSO2
 
PPTX
Getting Started with API Security Testing
bySmartBear
 
PDF
OAuth2 and Spring Security
byOrest Ivasiv
 
Spring Security 5
byJesus Perez Franco
 
Spring Security
byBoy Tech
 
Spring Security
byKnoldus Inc.
 
Spring security
bySaurabh Sharma
 
Spring Framework - Spring Security
byDzmitry Naskou
 
API Security Best Practices and Guidelines
byWSO2
 
Getting Started with API Security Testing
bySmartBear
 
OAuth2 and Spring Security
byOrest Ivasiv
 

What's hot

PPTX
OAuth2 + API Security
byAmila Paranawithana
 
PDF
Microservice With Spring Boot and Spring Cloud
byEberhard Wolff
 
PDF
REST APIs with Spring
byJoshua Long
 
PDF
OpenID Connect Explained
byVladimir Dzhuvinov
 
PDF
Getting started with Spring Security
byKnoldus Inc.
 
PDF
Microservices with Java, Spring Boot and Spring Cloud
byEberhard Wolff
 
PDF
Spring Boot
byPei-Tang Huang
 
PDF
Introduction to OpenID Connect
byNat Sakimura
 
PPTX
Spring boot
byPradeep Shanmugam
 
PPTX
OAuth 2
byChrisWood262
 
PPTX
Spring boot
bysdeeg
 
PPTX
Spring Boot and REST API
by07.pallav
 
PPTX
Spring Security Framework
byJayasree Perilakkalam
 
PDF
Spring boot
byBhagwat Kumar
 
PDF
Spring boot introduction
byRasheed Waraich
 
PPTX
Spring Boot Tutorial
byNaphachara Rattanawilai
 
PPTX
Rest API
byRohana K Amarakoon
 
PDF
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
PDF
OWASP Top 10 API Security Risks
byIndusfacePvtLtd
 
PPT
Spring Security Introduction
byMindfire Solutions
 
OAuth2 + API Security
byAmila Paranawithana
 
Microservice With Spring Boot and Spring Cloud
byEberhard Wolff
 
REST APIs with Spring
byJoshua Long
 
OpenID Connect Explained
byVladimir Dzhuvinov
 
Getting started with Spring Security
byKnoldus Inc.
 
Microservices with Java, Spring Boot and Spring Cloud
byEberhard Wolff
 
Spring Boot
byPei-Tang Huang
 
Introduction to OpenID Connect
byNat Sakimura
 
Spring boot
byPradeep Shanmugam
 
OAuth 2
byChrisWood262
 
Spring boot
bysdeeg
 
Spring Boot and REST API
by07.pallav
 
Spring Security Framework
byJayasree Perilakkalam
 
Spring boot
byBhagwat Kumar
 
Spring boot introduction
byRasheed Waraich
 
Spring Boot Tutorial
byNaphachara Rattanawilai
 
Rest API
byRohana K Amarakoon
 
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
OWASP Top 10 API Security Risks
byIndusfacePvtLtd
 
Spring Security Introduction
byMindfire Solutions
 

Similar to Spring Security

PDF
Spring security4.x
byZeeshan Khan
 
PDF
JavaCro'14 - Securing web applications with Spring Security 3 – Fernando Redo...
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
PDF
Spring security jwt tutorial toptal
byjbsysatm
 
PPTX
Spring Security services for web applications
byStephenKoc1
 
PPTX
Building Layers of Defense with Spring Security
byJoris Kuipers
 
PPTX
springb security.pptxdsdsgfdsgsdgsdgsdgdsgdsgds
byzmulani8
 
PDF
Building layers of defense for your application
byVMware Tanzu
 
PDF
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
byMatt Raible
 
PDF
Spring5 hibernate5 security5 lab step by step
byRajiv Gupta
 
PDF
Javacro 2014 Spring Security 3 Speech
byFernando Redondo Ramírez
 
PDF
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
byMatt Raible
 
PPTX
Spring Security 3
byJason Ferguson
 
PPTX
Spring Security
byManish Sharma
 
PPTX
Spring WebApplication development
byThirupathiReddy Vajjala
 
PPTX
Spring Security: Deep dive into basics. Ihor Polataiko.pptx
byIhor Polataiko
 
PDF
Spring Security in Action 1st Edition Laurentiu Spilca Spilcă Laurenţiu
byticeyfedorvt
 
PDF
Spring Security in Action 1st Edition Laurentiu Spilca
byqbjpyqyprq1924
 
PDF
Lesson07-UsernamePasswordAuthenticationFilter.pdf
byScott Anderson
 
PDF
Spring4 security
bySang Shin
 
PDF
Fun With Spring Security
byBurt Beckwith
 
Spring security4.x
byZeeshan Khan
 
JavaCro'14 - Securing web applications with Spring Security 3 – Fernando Redo...
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Spring security jwt tutorial toptal
byjbsysatm
 
Spring Security services for web applications
byStephenKoc1
 
Building Layers of Defense with Spring Security
byJoris Kuipers
 
springb security.pptxdsdsgfdsgsdgsdgsdgdsgdsgds
byzmulani8
 
Building layers of defense for your application
byVMware Tanzu
 
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
byMatt Raible
 
Spring5 hibernate5 security5 lab step by step
byRajiv Gupta
 
Javacro 2014 Spring Security 3 Speech
byFernando Redondo Ramírez
 
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
byMatt Raible
 
Spring Security 3
byJason Ferguson
 
Spring Security
byManish Sharma
 
Spring WebApplication development
byThirupathiReddy Vajjala
 
Spring Security: Deep dive into basics. Ihor Polataiko.pptx
byIhor Polataiko
 
Spring Security in Action 1st Edition Laurentiu Spilca Spilcă Laurenţiu
byticeyfedorvt
 
Spring Security in Action 1st Edition Laurentiu Spilca
byqbjpyqyprq1924
 
Lesson07-UsernamePasswordAuthenticationFilter.pdf
byScott Anderson
 
Spring4 security
bySang Shin
 
Fun With Spring Security
byBurt Beckwith
 

Recently uploaded

PDF
When Drones Decide for Themselves_ Inside the Rise of Machine-Led Flight.pdf
byLyra Anderson
 
PPTX
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
PDF
Transcript: What Thema can do: Leveraging metadata to support the discoverabi...
byBookNet Canada
 
PDF
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
PDF
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
PDF
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
PDF
Certified AI-Empowered SAFe Release Train Engineer.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
PDF
TrustArc Webinar - From Zero to Privacy Hero: Launching Your Program Right an...
byTrustArc
 
PDF
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 
PDF
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
PDF
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
PDF
React Mastery: Visual Mental Models to Understand React Deeply
byThomas Gaye
 
PPTX
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
PDF
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
PPTX
Introduction to Artificial Intelligence (AI).pptx
byammar414783
 
PPTX
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
PPTX
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
PDF
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
PDF
Peculiar Findings Around CEX Activity and ETH Price
bytobbymnbvcxz
 
PPTX
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
When Drones Decide for Themselves_ Inside the Rise of Machine-Led Flight.pdf
byLyra Anderson
 
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
Transcript: What Thema can do: Leveraging metadata to support the discoverabi...
byBookNet Canada
 
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
Certified AI-Empowered SAFe Release Train Engineer.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
TrustArc Webinar - From Zero to Privacy Hero: Launching Your Program Right an...
byTrustArc
 
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
React Mastery: Visual Mental Models to Understand React Deeply
byThomas Gaye
 
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
Introduction to Artificial Intelligence (AI).pptx
byammar414783
 
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
Peculiar Findings Around CEX Activity and ETH Price
bytobbymnbvcxz
 
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 

Spring Security

  • 1.
    Spring Security Basic Steps& Configuration Sumit Sinhmar Gole
  • 2.
    Spring Security Spring usesservlet filter as base framework to secure the web requests. Spring security in Spring 3.2 is divided into 11 modules. The basic web security is consist of four basic steps: 1. Setting dependencies. 2. Getting Spring Security configuration. 3. Ensuring the Security configuration is loaded. 4. Configure the springSecurityFilterChain.
  • 3.
    Spring Security ● Step1: Setting up the dependencies using Maven. ● Step 2: Getting Spring Security configuration – Background Process: The Security configuration creates a servler filter known as 'springSecurityFilterChain' which enables the URL security, validation of user and password. – '@EnableWebSecurity' annotatiion combined with 'WebSecurityConfigurerAdapter' to provide the web security.
  • 4.
    Spring Security In MemoryAuthentication: @Configuration @EnableWebSecurity public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) {auth .inMemoryAuthentication() .withUser("user").password("password").roles("USER"); } }
  • 5.
    Spring Security ● JDBCAuthentication: @Autowired private DataSource dataSource; @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .jdbcAuthentication() .dataSource(dataSource) .withDefaultSchema() .withUser("user").password("password").roles("USER").and() .withUser("admin").password("password").roles("USER", "ADMIN"); }
  • 6.
    Spring Security ● LDAPAuthentication: @Autowired private DataSource dataSource; @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .ldapAuthentication() .userDnPatterns("uid={0},ou=people") .groupSearchBase("ou=groups"); }
  • 7.
    Spring Security Multiple HttpSecurity: @EnableWebSecurity publicclass MultiHttpSecurityConfig { @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) { 1 auth .inMemoryAuthentication() .withUser("user").password("password").roles("USER").and() .withUser("admin").password("password").roles("USER", "ADMIN"); }
  • 8.
    Spring Security @Configuration @Order(1) ● publicstatic class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/api/**") .authorizeRequests() .anyRequest().hasRole("ADMIN") .and() .httpBasic(); } } ● Here @Order specify which WebSecurityConfigurerAdapter should be considered first. ● The http.antMatcher states that this HttpSecurity will only be applicable to URLs that start with /api/.
  • 9.
    Spring Security @Configuration 4 publicstatic class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .and() .formLogin(); } } } ● If URL does not start with /api then this configuration would be used.
  • 10.
    Spring Security ● Theabove changes perform the following steps: – Before accessing any URL, the authentication is performed for User and Password. In addition we can specify the role. – This enables the BASIC and Form Based Authentication. – Spring security will automatically render the login and success page automatically.
  • 11.
    Spring Security ● Step 3:Ensuring the Security configuration is loaded. This can be done by including 'WebSecurityConfiguration' in applicationContext. In other words register the springSecurityFilterChain with the war. ● In Java: (without Existing Spring) public class SpringWebMvcInitializer extends AbstractAnnotationConfigDispatcherServletInitializer { @Override protected Class<?>[] getRootConfigClasses() { return new Class[] { WebSecurityConfiguration.class }; } ... }
  • 12.
    Spring Security ● (withSpring MVC) public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { }
  • 13.
    Spring Security ● Step 4:Configure the springSecurityFilterChain. – This can be done by extending ' AbstractSecurityWebApplicationInitializer' and optionally overriding methods to customize the mapping. – (The 'AbstractSecurityWebApplicationInitializer' class is used to registers the DelegatingFilterProxy to use the springSecurityFilterChain before any other registered Filter.)
  • 14.
    Spring Security public classSecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { }