Spring Security Basics
Spring Security, authentication, authorization, SecurityFilterChain, UserDetailsService, PasswordEncoder
1What is Spring Security?
What is Spring Security?
Відповідь
Spring Security is a security framework for Spring applications that provides authentication and authorization features. It protects applications against common attacks (CSRF, XSS, session fixation) and offers integration with various authentication mechanisms (form login, HTTP Basic, OAuth2, JWT). The framework uses a filter chain (Security Filter Chain) to intercept and process HTTP requests before they reach controllers.
2What is the difference between authentication and authorization in Spring Security?
What is the difference between authentication and authorization in Spring Security?
Відповідь
Authentication verifies user identity (who are you?), typically via username/password, while authorization verifies permissions (what can you do?). Authentication happens first and creates a SecurityContext with user information. Authorization then uses this information to decide if the user can access a specific resource. For example, a user can be successfully authenticated but not authorized to access /admin if their role is USER and not ADMIN.
3What is the SecurityContext in Spring Security?
What is the SecurityContext in Spring Security?
Відповідь
The SecurityContext is an object that contains the security information of the currently authenticated user, primarily the Authentication object. It is stored in the SecurityContextHolder and accessible throughout request processing. After successful authentication, Spring Security creates a SecurityContext containing an Authentication with user details (username, authorities, credentials). This context allows the application to check who the current user is and what their permissions are.
How does SecurityContextHolder store the SecurityContext by default?
What is the role of the UserDetails interface in Spring Security?
+22 питань зі співбесід
Інші теми співбесід Spring Boot
Spring Core - IoC & DI
Spring Boot Auto-Configuration
Spring Boot Starters
Application Properties & YAML
Logging with SLF4J & Logback
Spring Boot DevTools
Spring MVC Basics
Spring REST Controllers
Request & Response Handling
Exception Handling
Bean Validation
Spring Data JPA Basics
JPA Entities & Relationships
JPA Queries
Spring Data Repositories
Spring Boot Actuator
Unit Testing with JUnit & Mockito
Spring Boot Testing
Profiles & Environment
RestTemplate & WebClient
Async & Scheduling
Caching with Spring
Spring WebFlux (Reactive)
Spring Transactions
Advanced Authentication & Authorization
JWT & Stateless Security
OAuth2 & Authorization Server
Spring Boot & Docker
Microservices with Spring
Spring Cloud Config
Performance Optimization
GraalVM Native Images
Опануй Spring Boot для наступної співбесіди
Отримай доступ до всіх питань, flashcards, технічних тестів, вправ code review та симуляторів співбесід.
Почни безкоштовно