Spring Security is a framework that focuses on providing both authentication and authorization to Java EE-based enterprise software applications.
Spring Security is the de facto standard for securing Spring-based applications. Spring Security requires a Java 8 or higher Runtime Environment.
1. Adding Spring Security
1.1. Maven
To include Spring Security in a Maven-based application, add the dependencies below:
<dependencies>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>5.5.0</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>5.5.0</version>
    </dependency>
</dependencies>
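If we are using additional features such as LDAP or OpenID, we also need to include the corresponding modules.
If transitive dependencies cause classpath issues at runtime, we may consider importing the Spring Framework BOM so that all Spring Framework modules resolve to the same version. The import scope only takes effect inside dependencyManagement:
<dependencyManagement>
    <dependencies>
        <!-- Imports the managed versions of all Spring Framework modules -->
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-framework-bom</artifactId>
            <version>5.3.7</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>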
1.2. Gradle
To include Spring Security in a Gradle-based project, add the dependencies below:
repositories {
    mavenCentral()
}

dependencies {
    // 'implementation' replaces the 'compile' configuration, which was removed in Gradle 7
    implementation 'org.springframework.security:spring-security-web:5.5.0'
    implementation 'org.springframework.security:spring-security-config:5.5.0'
}
2. Spring Security Examples
The following Spring Security tutorials explain the various features of Spring Security in detail.
Spring Security – Login Form Example
The scope of this tutorial is:
- Only authorized users should be able to access the edit employee screen.
- Unauthorized users should be presented with the login screen.
- Successful credentials should forward to the edit employee screen.
- Unsuccessful credentials should forward to the access denied screen.
- There should be a link to log out of the application.
Spring Security – JDBC User Service Example
Example of <jdbc-user-service/>, used to fetch the username and password from a database to authenticate the user into the system.
Spring Security – HTTP Basic Authentication Example
Example of <http-basic/>, used to require the user to authenticate with HTTP basic authentication before accessing any web page or other resource in your application.
Spring Security – Custom UserDetailsService Example
Learn to extend and use the UserDetailsService interface, which is used to look up the username, password and granted authorities for any given user.
Spring Security – Method Level Security Example – @PreAuthorize and @Secured
Learn to implement method-level security in Spring applications.
Spring Security – View Layer Security using JSP Taglibs
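Learn to add security in the view layer. It is mostly needed when we want to hide certain links or buttons based on the user's role so that the user is not offered that functionality. Hiding a link in the view does not block a direct request to its URL, so the same restriction still has to be enforced on the server by URL or method-level rules.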
Spring Security – Unit testing Spring Security Authentication
Learn how to test Spring Security authentication so that the system is hardened against outside attacks.
Spring Security – Siteminder Pre-authentication Example
Learn to use Spring Security when the user has been pre-authenticated in another application and enters your web application through SiteMinder.
Spring Security – Method Level Security with protect-pointcut
Learn to use XML-based security configuration.