Monday, June 1, 2020

Spring Security

Spring Security is an application framework that helps you implement application-level security.

Why Spring Security?

Handles common vulnerabilities

What can Spring Security do?

  • User name / password authentication
  • SSO / Okta / LDAP
  • App level Authorization
  • Intra App Authorization like OAuth
  • Microservice security (using tokens, JWT)
  • Method level security

5 Core Concepts in Spring Security:

  1. Authentication : who is this user?
  2. Authorization : Are they allowed to do this?
  3. Principal
  4. Granted Authority
  5. Roles

Spring Security default behavior:

  • Adds mandatory authentication for URLs
  • Adds login form
  • Handles login error
  • Creates a user and sets a default password
  • Spring Security generates a new password each time you start the app

How to configure authentication in Spring Security:

  1. Get hold of AuthenticationManagerBuilder
  2. Set the configuration on it
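
The two steps above, shown as an added example that is not from the original post. It assumes Spring Security 5.x, where a configuration class extends WebSecurityConfigurerAdapter (deprecated in 5.7 and removed in 6.0), and it goes one step further than the list by adding URL rules so the roles have an effect. The class name SecurityConfig, the users, passwords and URL patterns are constructed for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Step 1: overriding this method is how you get hold of the
    // AuthenticationManagerBuilder; Spring passes it in at startup.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Step 2: set the configuration on it. Defining users here replaces the
        // default user and the password generated on each start.
        // Users and passwords are constructed sample values for a local demo.
        auth.inMemoryAuthentication()
            .passwordEncoder(passwordEncoder())
            .withUser("alice")
                .password(passwordEncoder().encode("sample-user-password"))
                .roles("USER")
            .and()
            .withUser("bob")
                .password(passwordEncoder().encode("sample-admin-password"))
                .roles("ADMIN");
    }

    // Authorization: map URL patterns (assumed paths) to the roles granted above.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .antMatchers("/user/**").hasAnyRole("USER", "ADMIN")
                .anyRequest().authenticated()   // everything else still needs a login
            .and()
            .formLogin();                       // keep the default login form
    }

    // Passwords are stored and compared as BCrypt hashes, never as plain text.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
```

In-memory users suit a demo only; a real application would point the same builder at a user store such as JDBC or LDAP.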
