Spring Security: Basic Steps & Configuration

Spring Security uses servlet filters to secure web requests. The basic configuration involves 4 steps: 1) Adding dependencies, 2) Configuring Spring Security, 3) Loading the security configuration, and 4) Configuring the springSecurityFilterChain filter. The security configuration supports in-memory, JDBC, and LDAP authentication and allows specifying different security configurations for different URL patterns.

Uploaded by

PRABHU SORTUR

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

73 views

Spring Security: Basic Steps & Configuration

Uploaded by

PRABHU SORTUR

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 14

Spring Security

Basic Steps & Configuration

Sumit Sinhmar Gole

Spring Security

Spring uses servlet filter as base framework to secure

the web requests. Spring security in Spring 3.2 is
divided into 11 modules.
The basic web security is consist of four basic steps:
1. Setting dependencies.
2. Getting Spring Security configuration.
3. Ensuring the Security configuration is loaded.
4. Configure the springSecurityFilterChain.
Spring Security

● Step 1: Setting up the dependencies using Maven.

● Step 2: Getting Spring Security configuration
–Background Process: The Security configuration
creates a servler filter known as
'springSecurityFilterChain' which enables
the URL security, validation of user and password.
– '@EnableWebSecurity' annotatiion combined
with 'WebSecurityConfigurerAdapter' to
provide the web security.
Spring Security

In Memory Authentication:
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration
extends WebSecurityConfigurerAdapter
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}
Spring Security
● JDBC Authentication:
@Autowired
private DataSource dataSource;

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.jdbcAuthentication()
.dataSource(dataSource)
.withDefaultSchema()
.withUser("user").password("password").roles("USER").and()
.withUser("admin").password("password").roles("USER", "ADMIN");
}
Spring Security
● LDAP Authentication:
@Autowired
private DataSource dataSource;

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.ldapAuthentication()
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups");
}
Spring Security

Multiple HttpSecurity:
@EnableWebSecurity
public class MultiHttpSecurityConfig {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) { 1
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER").and()
.withUser("admin").password("password").roles("USER", "ADMIN");
}
Spring Security
@Configuration
@Order(1)
● public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/api/**")
.authorizeRequests()
.anyRequest().hasRole("ADMIN")
.and()
.httpBasic();
}
}
● Here @Order specify which WebSecurityConfigurerAdapter should be considered first.
● The http.antMatcher states that this HttpSecurity will only be applicable to URLs that start
with /api/.
Spring Security
@Configuration 4
public static class FormLoginWebSecurityConfigurerAdapter extends
WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin();
}
}
}
● If URL does not start with /api then this configuration would be used.
Spring Security

● The above changes perform the following steps:

– Before accessing any URL, the authentication is
performed for User and Password. In addition we can
specify the role.
– This enables the BASIC and Form Based
Authentication.
– Spring security will automatically render the login and
success page automatically.
Spring Security
●
Step 3: Ensuringthe Security configuration is loaded. This can be done by
including 'WebSecurityConfiguration' in applicationContext. In other
words register the springSecurityFilterChain with the war.
● In Java: (without Existing Spring)
public class SpringWebMvcInitializer extends
AbstractAnnotationConfigDispatcherServletInitializer {

@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { WebSecurityConfiguration.class };
}
...
}
Spring Security

● (with Spring MVC)

public class SecurityWebApplicationInitializer
extends AbstractSecurityWebApplicationInitializer {
}
Spring Security

●
Step 4: Configure the springSecurityFilterChain.
– This can be done by extending '
AbstractSecurityWebApplicationInitializer ' and
optionally overriding methods to customize the
mapping.
– (The 'AbstractSecurityWebApplicationInitializer'
class is used to registers the DelegatingFilterProxy
to use the springSecurityFilterChain before any
other registered Filter.)
Spring Security

public class SecurityWebApplicationInitializer

extends AbstractSecurityWebApplicationInitializer {
}

Spring Security Zero To Master Along With JWT, OAUTH2 PDF
No ratings yet
Spring Security Zero To Master Along With JWT, OAUTH2 PDF
109 pages
Getting started with Spring Framework: A Hands-on Guide to Begin Developing Applications Using Spring Framework
From Everand
Getting started with Spring Framework: A Hands-on Guide to Begin Developing Applications Using Spring Framework
Ashish Sarin
4.5/5 (2)
Chinmoy Mukherjee - Cracking The Coding Interview - 70 Database Questions and Answers (2015)
No ratings yet
Chinmoy Mukherjee - Cracking The Coding Interview - 70 Database Questions and Answers (2015)
22 pages
Assigment On Oracle Fusion
No ratings yet
Assigment On Oracle Fusion
4 pages
Spring Security
No ratings yet
Spring Security
16 pages
Spring Security: Authentication Authorization
100% (1)
Spring Security: Authentication Authorization
4 pages
Spring Security
No ratings yet
Spring Security
21 pages
08 Spring Boot 3 Spring MVC Security
No ratings yet
08 Spring Boot 3 Spring MVC Security
158 pages
Guide to Spring Security
No ratings yet
Guide to Spring Security
15 pages
Spring Security Ramesh Draft2
No ratings yet
Spring Security Ramesh Draft2
10 pages
Spring Security
No ratings yet
Spring Security
37 pages
Normal 5f89d02c9d162
No ratings yet
Normal 5f89d02c9d162
2 pages
15 Spring Security (1)
No ratings yet
15 Spring Security (1)
7 pages
Spring Security
No ratings yet
Spring Security
33 pages
Guide to Spring Security
No ratings yet
Guide to Spring Security
16 pages
Spring Security 5
No ratings yet
Spring Security 5
28 pages
462 Solution Code Spring Security Demo 08 JDBC Plaintext
No ratings yet
462 Solution Code Spring Security Demo 08 JDBC Plaintext
14 pages
springsecurity-181008152249
No ratings yet
springsecurity-181008152249
36 pages
5-Spring Security Notes
No ratings yet
5-Spring Security Notes
6 pages
Security
No ratings yet
Security
11 pages
Lecture07.1 - Spring Security PDF
No ratings yet
Lecture07.1 - Spring Security PDF
23 pages
Microsoft Azure Security Technologies Practice Tests AZ-500
From Everand
Microsoft Azure Security Technologies Practice Tests AZ-500
iCertify Training
No ratings yet
Questions
No ratings yet
Questions
10 pages
Spring Security Zero To Master Along With JWT, OAUTH2
No ratings yet
Spring Security Zero To Master Along With JWT, OAUTH2
106 pages
Angular HTTP: Connecting to the REST API
From Everand
Angular HTTP: Connecting to the REST API
Abdelfattah Ragab
No ratings yet
Spring Security Whitepaper
No ratings yet
Spring Security Whitepaper
7 pages
Spring Security 3.0: by Tanuj Kathuria
No ratings yet
Spring Security 3.0: by Tanuj Kathuria
12 pages
05 Spring Boot Rest Security
No ratings yet
05 Spring Boot Rest Security
72 pages
Spring Security Notes
No ratings yet
Spring Security Notes
14 pages
Spring Security
No ratings yet
Spring Security
88 pages
Spring Security Reference
No ratings yet
Spring Security Reference
138 pages
A Complete Guide To Spring Security With SpringBoot - by Satya Kaveti - Medium
No ratings yet
A Complete Guide To Spring Security With SpringBoot - by Satya Kaveti - Medium
43 pages
Spring Security Reference
No ratings yet
Spring Security Reference
281 pages
Spring Security Essentials - Sample Chapter
No ratings yet
Spring Security Essentials - Sample Chapter
14 pages
Spring Boot Intermediate Microservices: Resilient Microservices with Spring Boot 2 and Spring Cloud
From Everand
Spring Boot Intermediate Microservices: Resilient Microservices with Spring Boot 2 and Spring Cloud
Jens Boje
No ratings yet
Step 14 Spring Security Level I
No ratings yet
Step 14 Spring Security Level I
5 pages
Spring Security Architecture
No ratings yet
Spring Security Architecture
13 pages
Spring Security Reference
No ratings yet
Spring Security Reference
242 pages
Spring Security Servlet Architecture
No ratings yet
Spring Security Servlet Architecture
12 pages
Spring Security
No ratings yet
Spring Security
134 pages
Springsecurity
No ratings yet
Springsecurity
134 pages
Spring Security
No ratings yet
Spring Security
10 pages
spring_security
No ratings yet
spring_security
5 pages
2. spring boot 3.2 security cheetsheet
No ratings yet
2. spring boot 3.2 security cheetsheet
15 pages
Java Training-Spring Core
No ratings yet
Java Training-Spring Core
95 pages
Microsoft Entra ID Networking Configuration Security and Best Practices: IT Books, #1
From Everand
Microsoft Entra ID Networking Configuration Security and Best Practices: IT Books, #1
Mario Marinov
No ratings yet
Spring Security
No ratings yet
Spring Security
2 pages
Getting Started _ Spring Security Architecture
No ratings yet
Getting Started _ Spring Security Architecture
16 pages
Spring Faqs2
No ratings yet
Spring Faqs2
19 pages
1. spring security cheetsheet
No ratings yet
1. spring security cheetsheet
12 pages
Spring Security
No ratings yet
Spring Security
132 pages
Mastering Go Network Automation: Automating Networks, Container Orchestration, Kubernetes with Puppet, Vegeta and Apache JMeter
From Everand
Mastering Go Network Automation: Automating Networks, Container Orchestration, Kubernetes with Puppet, Vegeta and Apache JMeter
Ian Taylor
No ratings yet
Mastering Go Network Automation
From Everand
Mastering Go Network Automation
Ian Taylor
No ratings yet
Authorization
No ratings yet
Authorization
2 pages
In-Depth Exploration of Spring Security: Mastering Authentication and Authorization
From Everand
In-Depth Exploration of Spring Security: Mastering Authentication and Authorization
Adam Jones
No ratings yet
02 Securing Rest Api
No ratings yet
02 Securing Rest Api
5 pages
Spring+Security+Masterclass+Slides
No ratings yet
Spring+Security+Masterclass+Slides
217 pages
IBM WebSphere Application Server v7.0 Security
From Everand
IBM WebSphere Application Server v7.0 Security
Omar Siliceo
No ratings yet
Securing Amazon Web Services
From Everand
Securing Amazon Web Services
Jay Schulman
3.5/5 (2)
First Application: Bryan Hansen Twitter: bh5k
No ratings yet
First Application: Bryan Hansen Twitter: bh5k
10 pages
Spring Security
No ratings yet
Spring Security
133 pages
Spring Security
No ratings yet
Spring Security
134 pages
4
No ratings yet
4
25 pages
Spring Boot Notes
No ratings yet
Spring Boot Notes
2 pages
Chapter 7. Association Mappings Chapter 7. Association Mappings
No ratings yet
Chapter 7. Association Mappings Chapter 7. Association Mappings
18 pages
JSP Interview Questions
No ratings yet
JSP Interview Questions
24 pages
Spring Boot
No ratings yet
Spring Boot
1 page
Spring Interview Questions
No ratings yet
Spring Interview Questions
17 pages
Op 100 Spring Interview Questions and Answers (Part 1)
No ratings yet
Op 100 Spring Interview Questions and Answers (Part 1)
41 pages
Runprocess Log
No ratings yet
Runprocess Log
2 pages
TBMR 722 UserGuide
No ratings yet
TBMR 722 UserGuide
75 pages
Veritas Migration Procedure
No ratings yet
Veritas Migration Procedure
17 pages
دستورات cmd
No ratings yet
دستورات cmd
2 pages
Galileo EN Borri 01 17 OMG60106revB
No ratings yet
Galileo EN Borri 01 17 OMG60106revB
2 pages
【iMaster NCE-Campus Encyclopedia】MAC Address Authentication
No ratings yet
【iMaster NCE-Campus Encyclopedia】MAC Address Authentication
2 pages
Factorytalk Batch Components Installation and Upgrade Guide
No ratings yet
Factorytalk Batch Components Installation and Upgrade Guide
88 pages
Bill Format For Computer Repair Service in PDF Format
No ratings yet
Bill Format For Computer Repair Service in PDF Format
2 pages
Cloud Computing
No ratings yet
Cloud Computing
11 pages
DP-700 Exam Dumps
No ratings yet
DP-700 Exam Dumps
7 pages
Search SOA - WS Transactions
No ratings yet
Search SOA - WS Transactions
20 pages
Amadeus - Detailed Job Description
No ratings yet
Amadeus - Detailed Job Description
2 pages
Word Intermediate
No ratings yet
Word Intermediate
4 pages
CT050!3!2 Web Applications - Assignment 2016
No ratings yet
CT050!3!2 Web Applications - Assignment 2016
4 pages
Computer Networks and Information Security
No ratings yet
Computer Networks and Information Security
35 pages
15 - Trends and Reports
No ratings yet
15 - Trends and Reports
17 pages
Student Resume
No ratings yet
Student Resume
2 pages
Easy Blues - The Complete Piano Player - PDF: Preview
No ratings yet
Easy Blues - The Complete Piano Player - PDF: Preview
2 pages
Hive 1
No ratings yet
Hive 1
1 page
Datastage Interview Questions - Answers - 0516
No ratings yet
Datastage Interview Questions - Answers - 0516
29 pages
Dark Dex
No ratings yet
Dark Dex
274 pages
Guidsign MDT V8i III
No ratings yet
Guidsign MDT V8i III
12 pages
Python Data Types Data Type Python Abbreviation Explanation Example
No ratings yet
Python Data Types Data Type Python Abbreviation Explanation Example
8 pages
DOC-20241209-WA0028.
No ratings yet
DOC-20241209-WA0028.
5 pages
Usa Iphone PDF
100% (2)
Usa Iphone PDF
1 page
Crash
No ratings yet
Crash
2 pages
Untitled Document
No ratings yet
Untitled Document
23 pages
Red Hat JBoss Application Administration I
No ratings yet
Red Hat JBoss Application Administration I
3 pages