Spring Security

Spring is a well-known and commonly used framework in the Java environment. But Spring is no longer considered a framework; instead, spring is considered a group of frameworks. Spring Security is one of these frameworks, that is used for authentication and authorization. It is widely regarded as the security standard for Spring-based apps.

By adding the following dependency to our pom.xml file, we can add the Spring Security framework to our project:

AuthenticationFilter: This is the filter that intercepts requests and tries to verify their authentication. In Spring Security, the request is converted to an Authentication Object, and the authentication is handed to the AuthenticationManager.

AuthenticationManager: You may think of AuthenticationManager as a coordinator where you can register many providers and it will transfer authentication requests to the appropriate provider based on the request type.

AuthenticationProvider: AuthenticationProvider does two operations authenticate and supports. AuthenticationProvider retrieves data of users from UserDetailsService.

UserDetailsService: UserDetailsService is the main interface of spring security, and the implementation of UserDetailsService determines the authentication of any request. To implement the UserDetailsService we need to override a function called loadUserByUserName() which takes a username and gives UserDetails object.

PasswordEncoder: PasswordEncoder must be used to save passwords in Spring Security 5. The BCryptPasswordEncoder is the most frequent implementation. We can also use a NoOpPasswordEncoder instance, but this is not encouraged.

To configure Spring Security, we’ll need a configuration class in our classpath that’s marked with the @EnableWebSecurity annotation. The framework also offers a WebSecurityConfigurerAdapter class to help with customization.

The above code is for configuration and we will also need to create AuthenticationProvider which needs UserDetailsService. So basic code for UserDetailsService where user details are stored in the database is shown below.

Related posts:

One Saturday afternoon, I made plans to visit three different groups of people — they’re my family and friends so I often spend time with them but on that occasion I was curious to see which digital…

Sorry for the long silence. I was in Brazil the first two weeks of the year, with very limited online time. I didn’t make any new year’s resolutions, but prompted by my dear friend Nwabisa I took…

I used to loathe the idea of going to therapy. The thought of sharing your life with someone else as they sit in front of you and jot down notes seemed daunting. For years, I acted tough by putting…