Spring Security Two-Factor Auth (2FA) with JWT Token
Creating REST APIs is a better approach for building one-time token-based authentication combined with JWT tokens in Spring Security.
In Spring Security, a One-Time Token (OTT) is a server-side generated string that can be used only once for user login authentication purposes.
The Spring Security framework supports a wide range of authentication models, and in this tutorial, we will cover OAuth2 authentication using Amazon Cognito. We will walk through a step-by-step guide from creating the user pool in AWS, adding the app client, and configuring it in the Spring Boot application. 1. …
Learn the core concepts of configuring role-based authorization in Spring Security 6 and implementing authorization in a Spring Boot application.
After WebSecurityConfigurerAdapter was first deprecated and then removed in Spring Security 6, this tutorial will help in migrating to the latest version.
In this Spring Security tutorial, learn how it works under the hood, the concepts of authentication, authorization and access control, and basic configurations.
Learn to implement authentication with a user login and logout functionality using Vue.js and Spring Boot Security using JWT tokens.
Learn to configure OAuth2 authorization-based login security in a Spring Boot and Spring Security application with custom handlers.
Learn to partially or fully disable Spring Security in Spring Boot applications based on the selected runtime @Profile or using properties.
Learn to enable DEBUG and TRACE level logging for Spring Security configuration, request processing and filter chain proxy using simple switches.
Learn to configure and test Spring Security login form based authentication that fetches the username, password and roles from the database.
Learn to pass the Spring SecurityContext instance to new threads either spawned by Spring @Async or created explicitly using new Runnable or Callable instances. 1. Default Strategy is ThreadLocal Once the AuthenticationManager completes the authentication process successfully, it stores the Authentication instance for the rest of the request in the …
Learn to create, plug in and test a custom Authentication Provider in Spring Security and register it with the authentication manager.
Learn the contract Spring Security expects from the PasswordEncoder interface, the built-in implementations and DelegatingPasswordEncoder with examples.
Learn to add custom token based authentication to REST APIs created with Spring REST and Spring Security 5. In the given example, a request with the header name “AUTH_API_KEY” and a predefined value will pass through. All other requests will return an HTTP 403 response.
Learn the default Spring Security login form and auto-configuration, and how to configure a custom login form, success and failure URLs and handlers.
Java configuration example to enable Spring Security with the help of the @EnableWebSecurity annotation and the WebSecurityConfigurerAdapter class.
Spring Method Security with Protect-Pointcut is a mechanism to apply security at the method level based on AOP-style expressions (pointcuts). This allows the Spring security configuration to be segregated from the application code.
So far we have learned about securing a Spring application using login form based security, custom user details security and many more such security related concepts. In this post, I am giving an example of a scenario where the user is already authenticated via any third-party application or tool, e.g. SiteMinder …
So far in previous tutorials, we have learned about securing your application behind a login form, a custom user detail service and even method level security. All these security implementations were on the controller or model layer of MVC. It's time to add security in the view layer. It is mostly needed when …
The Spring framework has made securing your application so easy that you only need to use some basic configurations CORRECTLY, and that’s it! This security can be applied at multiple levels in your web application. Spring’s basic support is for these levels: URL level security, method level security, entity …
Learn about the contract that Spring Security expects from UserDetailsService and PasswordEncoder, initial defaults and basic customizations.
Learn about the default basic authentication provided by Spring Security and customize its configurations such as password encodings.
HowToDoInJava provides tutorials and how-to guides on Java and related technologies.
It also shares the best practices, algorithms & solutions and frequently asked interview questions.