Open navigation menu

Scribd

0% found this document useful (0 votes)

14 views

Spring Security

The document provides an overview of authentication and authorization concepts in Spring Security. It describes common authentication components like AuthenticationFilter, AuthenticationManager and AuthenticationProvider. It also covers topics like setting up a UserDetailsService, PasswordEncoder and handling authentication success/failure. The document then discusses mocking users for testing and configuring security for REST APIs, web applications, and using OAuth and JWT.

Uploaded by

Copyright

© © All Rights Reserved

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

14 views

Spring Security

The document provides an overview of authentication and authorization concepts in Spring Security. It describes common authentication components like AuthenticationFilter, AuthenticationManager and AuthenticationProvider. It also covers topics like setting up a UserDetailsService, PasswordEncoder and handling authentication success/failure. The document then discusses mocking users for testing and configuring security for REST APIs, web applications, and using OAuth and JWT.

Uploaded by

Copyright

© © All Rights Reserved

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

You are on page 1/ 25

Authentication Filter Authentication Manager Authentication Provider

AuthenticationSuccessHandler

User Details Service Password Encoder

AuthenticationFailureHandler
Security Context
Security Security Testing
Authentication Authorization CSRF CORS

spring-security-test
Authentication Filter Authentication Manager Authentication Provider

AuthenticationSuccessHandler

User Details Service Password Encoder

AuthenticationFailureHandler
Security Context

Mocked User

@WithMockUser @WithUserDetails
Authentication Filter Authentication Manager Authentication Provider

Token Store
User Details Service Password Encoder

Authentication Filter

Role Info

Security Context
CSRF

Authentication Filter Authentication Manager Authentication Provider

CSRFFilter

User Details Service Password Encoder

Security Context

CSRFTokenRepository
CORS
Product Frontend

Access-Control-Allow-Origin
productfrontend.com
Access-Control-Allow-Methods

Access-Control-Allow-Headers Coupon API

couponapi.com

Coupon Frontend

couponfrontend.com
Secure REST APIs
UserDetailsService
Secure REST APIs
PasswordEncoder

WebSecurityConfig

URLs and Http Method

Secure WebApp

Create a Thymeleaf frontend

Secure it

Login and Logout

Oauth

Create Auth Server

Create a Resource Server

Access Token

Create Product
JWT

productauthserver
Generate KeyPair
Configure JWT
CSRF

Enable CSRF
Customise for POST only
CORS

Create a react app

Configure Cors Support
Customise it only for POST method
Security
Authentication and Authorisation

Banking
App

User
Role
Banking
You Basic Teller

Form Based
OAuth
Confidentiality Encrypt/Decrypt

Banking

Auth App

Https
You
Friendly Neighbourhood
Hacker
Integrity Signatures

AuthorizationServer

Token
ResourceServer
CSRF and CORS
Coupon Frontend

couonfrontend.com

Coupon Backend

couponfrontend.com
OAuth

Tax Filing

User Profile

Facebook

Drive

Google
Drive
Authorization
Server
User/Password

User/Password Token

User/Resource
Client
Owner

Token

Data

Resource
Server
Grant Types

Authorization code

Password

Client Credentials

Refresh Token
Authorization code
USER Client App Auth Server Resource Server

File Tax Returns

Talk to Auth Server

Please allow client app to access my tax data

User gave you access

Give me a token

Token

Please give me the tax data .Here is the Token

Tax Data
Password
USER Client App Auth Server Resource Server

File Tax Returns

These are my auth details

User Credentials

Token

Please give me the tax data .Here is the Token

Tax Data
Client Credentials
Client App Auth Server Resource Server

Client Credentials

Token

Please give me the tax data .Here is the Token

Tax Data
Refresh Token
USER Client App Auth Server Resource Server

File Tax Returns

These are my auth details

User Credentials

Token

Please give me the tax data .Here is the Token

Token Expired

Refresh Token

Token
Global Method Security

You might also like

ACRemote Telemetry Documentation
No ratings yet
ACRemote Telemetry Documentation
5 pages
Password Authentication For Web and Mobile Apps (Dmitry Chestnykh)
No ratings yet
Password Authentication For Web and Mobile Apps (Dmitry Chestnykh)
95 pages
Collaboration Live User Manual - 453562037721a - en - US PDF
No ratings yet
Collaboration Live User Manual - 453562037721a - en - US PDF
32 pages
Oauth2 Openid Connect
No ratings yet
Oauth2 Openid Connect
10 pages
Oauth2 Openid Connect
No ratings yet
Oauth2 Openid Connect
10 pages
Authentication & Authorization
No ratings yet
Authentication & Authorization
9 pages
WF3815V13 Security1
No ratings yet
WF3815V13 Security1
22 pages
Authorization IdentityServer4v2
No ratings yet
Authorization IdentityServer4v2
21 pages
Spring Security
No ratings yet
Spring Security
7 pages
Demystifyingoauth
No ratings yet
Demystifyingoauth
57 pages
Internet Access Mangement: External Server Authentication
No ratings yet
Internet Access Mangement: External Server Authentication
17 pages
MVolaApi-Documentation-API Merchant Pay v1.0
No ratings yet
MVolaApi-Documentation-API Merchant Pay v1.0
9 pages
Authorization
No ratings yet
Authorization
30 pages
SecurID ADM PDF
No ratings yet
SecurID ADM PDF
314 pages
Irides Dashboard Technologies
No ratings yet
Irides Dashboard Technologies
3 pages
Web Application Penetration Testing Checklist: More Than 200 Custom Test Cases Prepared By: Tushar Verma Recon Phase
100% (1)
Web Application Penetration Testing Checklist: More Than 200 Custom Test Cases Prepared By: Tushar Verma Recon Phase
13 pages
Web Application Penetration Testing Checklist: More Than 200 Custom Testcases Prepared By: Tushar Verma Recon Phase
No ratings yet
Web Application Penetration Testing Checklist: More Than 200 Custom Testcases Prepared By: Tushar Verma Recon Phase
13 pages
Data Security Using Honey Pot System by Alphones Robert Francis Jennifer Catherine
No ratings yet
Data Security Using Honey Pot System by Alphones Robert Francis Jennifer Catherine
26 pages
"All That Comes Cheap Is Dear": Securid
No ratings yet
"All That Comes Cheap Is Dear": Securid
3 pages
Oauth2 Auth Flows
No ratings yet
Oauth2 Auth Flows
11 pages
01-01 AAA Configuration
No ratings yet
01-01 AAA Configuration
174 pages
ASP NET Multiple Authentication 1690214881
No ratings yet
ASP NET Multiple Authentication 1690214881
10 pages
Codebits12 - Oauth2 - Theory and Practice - Slides
100% (1)
Codebits12 - Oauth2 - Theory and Practice - Slides
34 pages
Curso de Java Spring Security Autenticación y Seguridad Web
No ratings yet
Curso de Java Spring Security Autenticación y Seguridad Web
63 pages
Microservices Cloud Distribution
No ratings yet
Microservices Cloud Distribution
5 pages
Red Hat 3scale API Management - Security Overview
No ratings yet
Red Hat 3scale API Management - Security Overview
38 pages
OWASP Dallas: Unspoofable Anti-Phish Codes
No ratings yet
OWASP Dallas: Unspoofable Anti-Phish Codes
23 pages
Modulo 6 - Clase 4
No ratings yet
Modulo 6 - Clase 4
29 pages
ASA-Azure-MFA-RADIUS
No ratings yet
ASA-Azure-MFA-RADIUS
49 pages
HTTPS With Mule 4
No ratings yet
HTTPS With Mule 4
31 pages
Dzone Refcard 347 Oauth Patterns Anti Patterns 202
No ratings yet
Dzone Refcard 347 Oauth Patterns Anti Patterns 202
6 pages
Tuesday Week 1
No ratings yet
Tuesday Week 1
74 pages
Implementing OAuth 2.0 With AWS API Gateway, Lambda, DynamoDB, and KMS - Part 1
No ratings yet
Implementing OAuth 2.0 With AWS API Gateway, Lambda, DynamoDB, and KMS - Part 1
15 pages
Slides
No ratings yet
Slides
5 pages
Advanced Authentication in WebSphere Application Server
No ratings yet
Advanced Authentication in WebSphere Application Server
26 pages
REST API Implementation Guide
100% (1)
REST API Implementation Guide
41 pages
CH 23
No ratings yet
CH 23
25 pages
Dark Trace - Mapping To MITRE
No ratings yet
Dark Trace - Mapping To MITRE
19 pages
Whitepaper - DCE - OAuth2.0 Implementation
No ratings yet
Whitepaper - DCE - OAuth2.0 Implementation
9 pages
Online Delivery Provider Docs
No ratings yet
Online Delivery Provider Docs
54 pages
Information Security: Authentication
No ratings yet
Information Security: Authentication
50 pages
Web Agents 5.6 - User Guide
No ratings yet
Web Agents 5.6 - User Guide
140 pages
14 - OAuth Implementation Then Lab
100% (1)
14 - OAuth Implementation Then Lab
39 pages
70 535 03 Security and Identity DREY
No ratings yet
70 535 03 Security and Identity DREY
68 pages
Node JS: by Chandan Naresh
No ratings yet
Node JS: by Chandan Naresh
8 pages
Account Takeovers: by - Ninad Mathpati
No ratings yet
Account Takeovers: by - Ninad Mathpati
43 pages
Wanway API en
No ratings yet
Wanway API en
41 pages
What is oAuth2
No ratings yet
What is oAuth2
2 pages
7 3 IdentityIQ SCIM API Reference 1
No ratings yet
7 3 IdentityIQ SCIM API Reference 1
36 pages
Authentication and authorization - Azure App Service _ Microsoft Learn
No ratings yet
Authentication and authorization - Azure App Service _ Microsoft Learn
10 pages
Home Nurse Webapp Proposal
No ratings yet
Home Nurse Webapp Proposal
19 pages
glossary
No ratings yet
glossary
27 pages
OAuth2 Developers Guide
No ratings yet
OAuth2 Developers Guide
31 pages
Kerberos
No ratings yet
Kerberos
27 pages
Token Based Authentication Made Easy - Auth0
100% (1)
Token Based Authentication Made Easy - Auth0
10 pages
VeriSign OTP Credential Provisioning Protocol For Trusted Devices Technical Specification v6
No ratings yet
VeriSign OTP Credential Provisioning Protocol For Trusted Devices Technical Specification v6
29 pages
OAuth2 COSCUP
No ratings yet
OAuth2 COSCUP
58 pages
Surely Architectural Diagram V1.0
No ratings yet
Surely Architectural Diagram V1.0
11 pages
Apps On Azure Blog - Microsoft Community Hub
No ratings yet
Apps On Azure Blog - Microsoft Community Hub
9 pages
Mastering OAuth 2.0
From Everand
Mastering OAuth 2.0
Bihis Charles
5/5 (1)
IBM WebSphere Application Server v7.0 Security
From Everand
IBM WebSphere Application Server v7.0 Security
Omar Siliceo
No ratings yet
Building Secure APIs with Express: Authentication and Authorization Best Practices for JavaScript Apps
From Everand
Building Secure APIs with Express: Authentication and Authorization Best Practices for JavaScript Apps
Aarav Joshi
No ratings yet
PerfMatrix Test Report Template
No ratings yet
PerfMatrix Test Report Template
23 pages
100068966
No ratings yet
100068966
87 pages
Openvpn Connection Test: Network Device
No ratings yet
Openvpn Connection Test: Network Device
4 pages
1-Fireworks 8.x Installation Procedure For Windows 10
100% (1)
1-Fireworks 8.x Installation Procedure For Windows 10
36 pages
CSS11 4th Quarter Exam
No ratings yet
CSS11 4th Quarter Exam
3 pages
6866539D66-AL Enus Integrated Terminal Management 7.8 Administrators Guide
100% (1)
6866539D66-AL Enus Integrated Terminal Management 7.8 Administrators Guide
98 pages
CALs Guide
No ratings yet
CALs Guide
5 pages
【HSE】2021 HSE Training - Product Professional - H3C iMC
No ratings yet
【HSE】2021 HSE Training - Product Professional - H3C iMC
34 pages
Virtualization Vmware
No ratings yet
Virtualization Vmware
11 pages
Atlantic Computer - A Bundle of Pricing Options
No ratings yet
Atlantic Computer - A Bundle of Pricing Options
6 pages
UCCX - Ghid Laborator
No ratings yet
UCCX - Ghid Laborator
39 pages
3BSE091397 en L ABB Ability System 800xa 6.1.1 Product Catalog
No ratings yet
3BSE091397 en L ABB Ability System 800xa 6.1.1 Product Catalog
116 pages
Splunk Q & A Final Document
No ratings yet
Splunk Q & A Final Document
129 pages
Wonderware InTouch Machine Edition en 0814
No ratings yet
Wonderware InTouch Machine Edition en 0814
9 pages
VeriFinger SDK
No ratings yet
VeriFinger SDK
11 pages
MWA Configuration File - Configure Mwa - CFG - Oracle Apps DBA Stuff
No ratings yet
MWA Configuration File - Configure Mwa - CFG - Oracle Apps DBA Stuff
5 pages
Software Architecture Document: Author: Gerard Mundo Bosch Content Owner: SVT Analytics
No ratings yet
Software Architecture Document: Author: Gerard Mundo Bosch Content Owner: SVT Analytics
21 pages
Business Blueprint
0% (1)
Business Blueprint
10 pages
faq_1
No ratings yet
faq_1
48 pages
Atoll
No ratings yet
Atoll
168 pages
FAQ - Revit Server Network GUIDs PDF
No ratings yet
FAQ - Revit Server Network GUIDs PDF
2 pages
SAP B1 IIS Install
No ratings yet
SAP B1 IIS Install
21 pages
Zain Parvaiz: Contact Info
No ratings yet
Zain Parvaiz: Contact Info
3 pages
Issues
0% (1)
Issues
78 pages
Avaya Ia 770 Intuity Audix Messaging Application
No ratings yet
Avaya Ia 770 Intuity Audix Messaging Application
48 pages
(OSCE XG) To (Apex One) Upgrade Handy Guide
No ratings yet
(OSCE XG) To (Apex One) Upgrade Handy Guide
53 pages
Technological Advances and Their Impact On Business Communication
No ratings yet
Technological Advances and Their Impact On Business Communication
8 pages
Vsphere Esxi Vcenter 803 Management Guide
No ratings yet
Vsphere Esxi Vcenter 803 Management Guide
207 pages

ACRemote Telemetry Documentation
ACRemote Telemetry Documentation
Password Authentication For Web and Mobile Apps (Dmitry Chestnykh)
Password Authentication For Web and Mobile Apps (Dmitry Chestnykh)
Collaboration Live User Manual - 453562037721a - en - US PDF
Collaboration Live User Manual - 453562037721a - en - US PDF
Oauth2 Openid Connect
Oauth2 Openid Connect
Oauth2 Openid Connect
Oauth2 Openid Connect
Authentication & Authorization
Authentication & Authorization
WF3815V13 Security1
WF3815V13 Security1
Authorization IdentityServer4v2
Authorization IdentityServer4v2
Spring Security
Spring Security
Demystifyingoauth
Demystifyingoauth
Internet Access Mangement: External Server Authentication
Internet Access Mangement: External Server Authentication
MVolaApi-Documentation-API Merchant Pay v1.0
MVolaApi-Documentation-API Merchant Pay v1.0
Authorization
Authorization
SecurID ADM PDF
SecurID ADM PDF
Irides Dashboard Technologies
Irides Dashboard Technologies
Web Application Penetration Testing Checklist: More Than 200 Custom Test Cases Prepared By: Tushar Verma Recon Phase
Web Application Penetration Testing Checklist: More Than 200 Custom Test Cases Prepared By: Tushar Verma Recon Phase
Web Application Penetration Testing Checklist: More Than 200 Custom Testcases Prepared By: Tushar Verma Recon Phase
Web Application Penetration Testing Checklist: More Than 200 Custom Testcases Prepared By: Tushar Verma Recon Phase
Data Security Using Honey Pot System by Alphones Robert Francis Jennifer Catherine
Data Security Using Honey Pot System by Alphones Robert Francis Jennifer Catherine
"All That Comes Cheap Is Dear": Securid
"All That Comes Cheap Is Dear": Securid
Oauth2 Auth Flows
Oauth2 Auth Flows
01-01 AAA Configuration
01-01 AAA Configuration
ASP NET Multiple Authentication 1690214881
ASP NET Multiple Authentication 1690214881
Codebits12 - Oauth2 - Theory and Practice - Slides
Codebits12 - Oauth2 - Theory and Practice - Slides
Curso de Java Spring Security Autenticación y Seguridad Web
Curso de Java Spring Security Autenticación y Seguridad Web
Microservices Cloud Distribution
Microservices Cloud Distribution
Red Hat 3scale API Management - Security Overview
Red Hat 3scale API Management - Security Overview
OWASP Dallas: Unspoofable Anti-Phish Codes
OWASP Dallas: Unspoofable Anti-Phish Codes
Modulo 6 - Clase 4
Modulo 6 - Clase 4
ASA-Azure-MFA-RADIUS
ASA-Azure-MFA-RADIUS
HTTPS With Mule 4
HTTPS With Mule 4
Dzone Refcard 347 Oauth Patterns Anti Patterns 202
Dzone Refcard 347 Oauth Patterns Anti Patterns 202
Tuesday Week 1
Tuesday Week 1
Implementing OAuth 2.0 With AWS API Gateway, Lambda, DynamoDB, and KMS - Part 1
Implementing OAuth 2.0 With AWS API Gateway, Lambda, DynamoDB, and KMS - Part 1
Slides
Slides
Advanced Authentication in WebSphere Application Server
Advanced Authentication in WebSphere Application Server
REST API Implementation Guide
REST API Implementation Guide
CH 23
CH 23
Dark Trace - Mapping To MITRE
Dark Trace - Mapping To MITRE
Whitepaper - DCE - OAuth2.0 Implementation
Whitepaper - DCE - OAuth2.0 Implementation
Online Delivery Provider Docs
Online Delivery Provider Docs
Information Security: Authentication
Information Security: Authentication
Web Agents 5.6 - User Guide
Web Agents 5.6 - User Guide
14 - OAuth Implementation Then Lab
14 - OAuth Implementation Then Lab
70 535 03 Security and Identity DREY
70 535 03 Security and Identity DREY
Node JS: by Chandan Naresh
Node JS: by Chandan Naresh
Account Takeovers: by - Ninad Mathpati
Account Takeovers: by - Ninad Mathpati
Wanway API en
Wanway API en
What is oAuth2
What is oAuth2
7 3 IdentityIQ SCIM API Reference 1
7 3 IdentityIQ SCIM API Reference 1
Authentication and authorization - Azure App Service _ Microsoft Learn
Authentication and authorization - Azure App Service _ Microsoft Learn
Home Nurse Webapp Proposal
Home Nurse Webapp Proposal
glossary
glossary
OAuth2 Developers Guide
OAuth2 Developers Guide
Kerberos
Kerberos
Token Based Authentication Made Easy - Auth0
Token Based Authentication Made Easy - Auth0
VeriSign OTP Credential Provisioning Protocol For Trusted Devices Technical Specification v6
VeriSign OTP Credential Provisioning Protocol For Trusted Devices Technical Specification v6
OAuth2 COSCUP
OAuth2 COSCUP
Surely Architectural Diagram V1.0
Surely Architectural Diagram V1.0
Apps On Azure Blog - Microsoft Community Hub
Apps On Azure Blog - Microsoft Community Hub
Mastering OAuth 2.0
From Everand
Mastering OAuth 2.0
IBM WebSphere Application Server v7.0 Security
From Everand
IBM WebSphere Application Server v7.0 Security
Building Secure APIs with Express: Authentication and Authorization Best Practices for JavaScript Apps
From Everand
Building Secure APIs with Express: Authentication and Authorization Best Practices for JavaScript Apps
PerfMatrix Test Report Template
PerfMatrix Test Report Template
100068966
100068966
Openvpn Connection Test: Network Device
Openvpn Connection Test: Network Device
1-Fireworks 8.x Installation Procedure For Windows 10
1-Fireworks 8.x Installation Procedure For Windows 10
CSS11 4th Quarter Exam
CSS11 4th Quarter Exam
6866539D66-AL Enus Integrated Terminal Management 7.8 Administrators Guide
6866539D66-AL Enus Integrated Terminal Management 7.8 Administrators Guide
CALs Guide
CALs Guide
【HSE】2021 HSE Training - Product Professional - H3C iMC
【HSE】2021 HSE Training - Product Professional - H3C iMC
Virtualization Vmware
Virtualization Vmware
Atlantic Computer - A Bundle of Pricing Options
Atlantic Computer - A Bundle of Pricing Options
UCCX - Ghid Laborator
UCCX - Ghid Laborator
3BSE091397 en L ABB Ability System 800xa 6.1.1 Product Catalog
3BSE091397 en L ABB Ability System 800xa 6.1.1 Product Catalog
Splunk Q & A Final Document
Splunk Q & A Final Document
Wonderware InTouch Machine Edition en 0814
Wonderware InTouch Machine Edition en 0814
VeriFinger SDK
VeriFinger SDK
MWA Configuration File - Configure Mwa - CFG - Oracle Apps DBA Stuff
MWA Configuration File - Configure Mwa - CFG - Oracle Apps DBA Stuff
Software Architecture Document: Author: Gerard Mundo Bosch Content Owner: SVT Analytics
Software Architecture Document: Author: Gerard Mundo Bosch Content Owner: SVT Analytics
Business Blueprint
Business Blueprint
faq_1
faq_1
Atoll
Atoll
FAQ - Revit Server Network GUIDs PDF
FAQ - Revit Server Network GUIDs PDF
SAP B1 IIS Install
SAP B1 IIS Install
Zain Parvaiz: Contact Info
Zain Parvaiz: Contact Info
Issues
Issues
Avaya Ia 770 Intuity Audix Messaging Application
Avaya Ia 770 Intuity Audix Messaging Application
(OSCE XG) To (Apex One) Upgrade Handy Guide
(OSCE XG) To (Apex One) Upgrade Handy Guide
Technological Advances and Their Impact On Business Communication
Technological Advances and Their Impact On Business Communication
Vsphere Esxi Vcenter 803 Management Guide
Vsphere Esxi Vcenter 803 Management Guide