Spring security

https://spring.io/projects/spring-security/

What is it?

Spring Security provides authentication and authorization for our application using simple servlet filters.

We use Spring Security to secure URLs. Spring Security is a security framework that secures J2EE-based enterprise applications by providing powerful, customizable security features like authentication and authorization. It is the de facto standard for securing Spring-based applications.

Spring Security works on the following core concepts:

  1. Authentication
  2. Authorization
  3. Password Storage
  4. Servlet Filters
    1. Spring Security uses Java servlet filters to start the security check for our web application.

Advantages

Here are some important advantages of Spring Security:

  1. Servlet API integration.
  2. Extensible support for both Authentication and Authorization.
  3. Protection against attacks like session fixation and clickjacking.
  4. Spring MVC integration.
  5. Ability to secure the application against brute-force attacks.
  6. Portability.
  7. Protection against CSRF attacks.
  8. Java configuration support.

TODO

KNOWLEDGE GAP - LEARN MORE, IMPLEMENT THIS

Take down notes about using Spring Security for authenticating JWT.

  1. https://www.baeldung.com/learn-spring-security-course

  2. https://www.javadevjournal.com/spring-security-tutorial/

  3. https://www.javadevjournal.com/spring/password-encoding-in-spring-security/

  4. https://www.bezkoder.com/spring-boot-jwt-authentication/

  5. https://springframework.guru/jwt-authentication-in-spring-microservices-jwt-token/

  6. https://laurspilca.com/consuming-an-endpoint-protected-by-an-oauth-2-resource-server-from-a-spring-boot-service/

  7. https://www.sivalabs.in/spring-security-oauth2-tutorial-integrating-client-and-resource-server/

  8. spring-security-oauth

  9. single sign-on with spring security OAuth 2

Is there a way to implement custom OAuth on the server side without having to rely on third-party providers for OAuth tokens?

Implement a client for an OAuth-protected service using Spring Boot and see how the access token is managed. How will it be recreated when its time to live expires? Can the application recreate the token (a few minutes) before it expires?

Reading material

Find the article and note down the Spring Security JWT authentication implementation details.

https://github.com/royclarkson/spring-rest-service-oauth

https://github.com/mariubog/oauth-client-sample

Tags

  1. Spring security - Using Spring OAuth2 RestTemplate
  2. Spring security - How to setup Basic Authentication in Spring WebClient while invoking external APIs
  3. Spring security - Configuring an application to use spring security
  4. Spring security - Architecture
  5. Spring security - required dependencies to use spring security