Advanced Authentication & Authorization

Advanced authentication, fine-grained authorization with @PreAuthorize/@PostAuthorize, roles, permissions, SpEL

30 คำถามสัมภาษณ์·

Senior

What is the main role of the UserDetailsService interface in Spring Security?

คำตอบ

UserDetailsService is responsible for loading user information from the data source (database, LDAP, etc.) during authentication. Its loadUserByUsername() method returns a UserDetails object containing the username, password, roles and authorities. Spring Security then uses this information to validate credentials and build the SecurityContext.

Which annotation enables method-level security in Spring Security 6+?

คำตอบ

@EnableMethodSecurity is the modern annotation in Spring Security 6+ that enables method-level security. It replaces the old @EnableGlobalMethodSecurity and enables @PreAuthorize, @PostAuthorize and @Secured by default. It uses AOP proxy-based configuration to intercept method calls and check authorizations.

When does the @PreAuthorize annotation check authorizations?

คำตอบ

@PreAuthorize checks authorizations BEFORE method execution. If the SpEL condition returns false, an AccessDeniedException is thrown and the method is never executed. This prevents access to unauthorized resources from the start. In contrast, @PostAuthorize checks after execution, which is useful for filtering results based on the user.

What is the main difference between hasRole() and hasAuthority() in Spring Security?

How to implement a custom UserDetailsService that loads users from a database?

+27 คำถามสัมภาษณ์

หัวข้อสัมภาษณ์ Spring Boot อื่นๆ

Advanced Authentication & Authorization

What is the main role of the UserDetailsService interface in Spring Security?

คำตอบ

Which annotation enables method-level security in Spring Security 6+?

คำตอบ

When does the @PreAuthorize annotation check authorizations?

คำตอบ

What is the main difference between hasRole() and hasAuthority() in Spring Security?

How to implement a custom UserDetailsService that loads users from a database?

หัวข้อสัมภาษณ์ Spring Boot อื่นๆ

Spring Core - IoC & DI

Spring Boot Auto-Configuration

Spring Boot Starters

Application Properties & YAML

Logging with SLF4J & Logback

Spring Boot DevTools

Spring MVC Basics

Spring REST Controllers

Request & Response Handling

Exception Handling

Bean Validation

Spring Data JPA Basics

JPA Entities & Relationships

JPA Queries

Spring Data Repositories

Spring Security Basics

Spring Boot Actuator

Unit Testing with JUnit & Mockito

Spring Boot Testing

Profiles & Environment

RestTemplate & WebClient

Async & Scheduling

Caching with Spring

Spring WebFlux (Reactive)

Spring Transactions

JWT & Stateless Security

OAuth2 & Authorization Server

Spring Boot & Docker

Microservices with Spring

Spring Cloud Config

Performance Optimization

GraalVM Native Images

เชี่ยวชาญ Spring Boot สำหรับการสัมภาษณ์ครั้งถัดไป