Tag Archives: Spring Security

Caching in Spring Boot with Spring Security

In this post, I’d like to share a lesson learned by one of the teams at O&B. They were using Spring Boot with Spring Security. By default, anything that is protected by Spring Security is sent to the browser with the following HTTP header: Cache-Control: no-cache, no-store, max-age=0, must-revalidate. Essentially, the response will never be cached by the browser. While ...

Spring Security with Spring Boot 2.0: Securing your endpoints

Up until now, in our previous posts, we had our endpoints and controllers secured using the default Spring Security configuration. When Spring Security is on the classpath, the auto-configuration secures all endpoints by default. When it comes to complex applications, we need different security policies per endpoint. We need to configure which endpoints should be secured, what type of users ...

Authorizing Resources Based On Who Created Them

A colleague of mine pointed me to an interesting question on StackOverflow and suggested it may be a good one for me to answer because of my experience with Spring. The question was, “How to authorize specific resources based on users who created those in REST, using annotations.” The gist of it is this: What I’m trying to do is ...

Secure a Spring Microservices Architecture with Spring Security and OAuth 2.0

“I love writing authentication and authorization code.” ~ No Java Developer Ever. Tired of building the same login screens over and over? Try the Okta API for hosted authentication, authorization, and multi-factor auth. Every developer wants to build faster and more efficiently, to support scale. Building a microservices architecture with Spring can add resilience and elasticity to your architecture that ...

Spring Security with Spring Boot 2.0: UserDetailsService

As we have seen in a previous post, the username and password for our Spring application were configured through environment variables. This is OK for prototype purposes; however, in real-life scenarios we have to provide another way to make the users eligible to log in to the application. To do so we use the UserDetailsService interface. The user details service ...

2 Ways to Setup LDAP Active Directory Authentication in Java Spring Security Example Tutorial

LDAP authentication is one of the most popular authentication mechanisms around the world for enterprise applications, and Active Directory (an LDAP implementation by Microsoft for Windows) is another widely used LDAP server. In many projects, we need to authenticate against Active Directory using LDAP with credentials provided in the login screen. Sometimes this simple task gets tricky because of various ...

Spring Security Concurrent Session Control Example Tutorial – How to limit number of User Session in Java JEE Web Application

If you don’t know, Spring Security can limit the number of sessions a user can have. If you are developing a web application, especially a secure web application in Java JEE, then you must have come across a requirement similar to what online banking portals have, e.g. only one session per user at a time or no concurrent sessions per user. Even ...
