HowToDoInJava

  • Python
  • Java
  • Spring Boot
  • Dark Mode

Spring Security Tutorial

Spring Security is a framework that focuses on providing both authentication and authorization to Java EE-based enterprise software applications.

Spring-Security-logo

Maven Dependency

To include spring security in your maven based project, include below dependency:

<repositories>
	<repository>
		<id>spring-snapshot</id>
		<name>Spring Snapshot Repository</name>
		<url>http://repo.spring.io/snapshot</url>
	</repository>
</repositories>

<dependencies>
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-web</artifactId>
		<version>4.1.1.RELEASE</version>
	</dependency>
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-config</artifactId>
		<version>4.1.1.RELEASE</version>
	</dependency>
</dependencies>

If you are using additional features like LDAP, OpenID, etc. you will need to also include the appropriate modules.

If you face any transitive dependency problem causing classpath issues at runtime, you may consider adding spring security BOM file.

<dependencies>
	<dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-framework-bom</artifactId>
		<version>4.3.1.RELEASE</version>
		<type>pom</type>
		<scope>import</scope>
	</dependency>
</dependencies>

Gradle Dependency

To include spring security in your gradle based project, include below dependency:

repositories {
	mavenCentral()
}
dependencies {
	compile 'org.springframework.security:spring-security-web:4.1.1.RELEASE'
	compile 'org.springframework.security:spring-security-config:4.1.1.RELEASE'
}

Spring Security Examples

Below examples explain in-detail the various features of spring security.

Spring Security – Login Form Example

The scope of this tutorial is to:

  • Only authorized user should be able to access edit employee screen.
  • Unauthorized users should be presented with login screen.
  • Successful credentials should forward to edit employee screen.
  • Unsuccessful credentials should forward to access denied screen.
  • There should be a link for logout of the application.

Spring Security – JDBC User Service Example

Example of <jdbc-user-service/> used to fetch username and password from database to authenticate user into the system.

Spring Security – HTTP Basic Authentication Example

Example of <http-basic/> used to enforce the user to authenticate any of webpage or any other resource in your application with basic http authentication.

Spring Security – Custom UserDetailsService Example

Learn to extend and use UserDetailsService interface which is used in order to lookup the username, password and granted authorities for any given user.

Spring Security – Method Level Security Example – @PreAuthorize and @Secured

Learn to implement method level security in spring applications.

Spring Security – View Layer Security using JSP Taglibs

Learn to add security in view layer. It is mostly needed when we want to hide certain links or buttons based on user’s role so that he will not be able to access that functionality.

Spring Security – Unit testing Spring Security Authentication

Learn the way to test spring authentication techniques to foolproof the system from outer attacks.

Spring Security – Siteminder Pre-authentication Example

Learn to use spring security when user has been pre-authenticated in any other application and get into your web application using siteminder.

Spring Security – Method Level Security with protect-pointcut

Learn to use XML based security configuration.

Reference(s):

Spring Security Reference

Was this post helpful?

Let us know if you liked the post. That’s the only way we can improve.

Share this:

  • Twitter
  • Facebook
  • LinkedIn
  • Reddit

Feedback, Discussion and Comments

  1. mamad

    May 11, 2019

    I want use from class configuration in spring security. thanks

Comments are closed on this article!

Search Tutorials

Spring Security Tutorial

  • Security – Introduction
  • Security – Method Level Security
  • Security – Siteminder
  • Security – Login Form
  • Security – JSP taglibs
  • Security – jdbc-user-service
  • Security – UserDetailsService
  • Security – Basic Auth
  • Security – Junit Tests
  • @PreAuthorize and @Secured

Meta Links

  • About Me
  • Contact Us
  • Privacy policy
  • Advertise
  • Guest and Sponsored Posts

Recommended Reading

  • 10 Life Lessons
  • Secure Hash Algorithms
  • How Web Servers work?
  • How Java I/O Works Internally?
  • Best Way to Learn Java
  • Java Best Practices Guide
  • Microservices Tutorial
  • REST API Tutorial
  • How to Start New Blog

Copyright © 2020 · HowToDoInjava.com · All Rights Reserved. | Sitemap

  • Java 15 New Features
  • Sealed Classes and Interfaces
  • EdDSA (Ed25519 / Ed448)