Spring Security: Authentication and Authorization

Introduction

You can use this guide to understand what Spring Security is and how its core features like authentication, authorization, or common exploit protection work.

Sooner or later everyone needs to add security to his project and in the Spring ecosystem, you do that with the help of the Spring Security library.

So you go along, add Spring Security to your Spring Boot (or plain Spring) project, and suddenly…​

• you have auto-generated login-pages.
• ​you cannot execute POST requests anymore.
• your whole application is on lockdown and prompts you to enter a username and password.

Having survived the subsequent mental breakdown, you might be interested in how all of this works.

What is Spring Security and how does it work?

Spring Security is really just a bunch of servlet filters that help you add authentication and authorization to your web application.

It also integrates well with frameworks like Spring Web MVC (or Spring Boot), as well as with standards like OAuth2. And it auto-generates login/logout pages and protects against common exploits like CSRF.

Web Application Security:

Before you become a Spring Security Guru, you need to understand three important concepts:
• Authentication
• Authorization
• Servlet Filters

Download the project here to learn and practice Github link below :

https://github.com/showagon/SpringSecurity-Role-Base

Note: DB file also includes in the Github project itself.