Let’s secure our Spring REST API using OAuth2 this time, a simple guide showing what is required to secure a REST API using Spring OAuth2. Our use-case fits well with Resource-owner Password Grant flow of OAUth2 specification. We will use two different clients [Postman and a Spring RestTemplate based java application] to access our OAuth2…

Continue reading →

This post shows how an AngularJS application can consume a REST API which is secured with Basic authentication using Spring Security. Post Secure Spring REST API with Basic Authentication shows in great details how to secure a REST API using Basic authentication with Spring Security. That application will serve as a Back-end for this example….

Continue reading →

So You’ve got the REST API for your application, and now you want to secure it. How to do that? There are several popular ways to do that, ranging from Basic Authentication to a full fledged OAuth2 security solution. This Guide explains securing REST API using Basic Authentication with help of examples involving two separate…

Continue reading →

This tutorial explores Spring Security’s role based login. That means redirecting users to different URLs upon login according to their assigned roles. Let’s get going. Basically what we have to do is to create a custom Success-Handler which will be responsible for redirecting the logged-in user to appropriate URL based on his/her role. Spring Security…

Continue reading →

This post shows Method level security in Spring Security 4 with @PreAuthorize, @PostAuthorize, @Secured and Spring EL expressions. Let’s get going. Other interesting posts you may like Spring Boot+AngularJS+Spring Data+Hibernate+MySQL CRUD App Spring Boot REST API Tutorial Spring Boot WAR deployment example Secure Spring REST API using OAuth2 Spring Boot Introduction + Hello World Example…

Continue reading →

This tutorial shows you Remember-Me authentication using Spring Security 4 with Hibernate. Let’s get going. In Remember-me or persistent-login authentication, Applications remember the identity of user between sessions. Basically, during login, when you ask for Remember-Me support, application will send a cookie to the browser during login. This cookie will be stored at browser side…

Continue reading →

This tutorial shows Password Encoding in Spring Security 4 using BCryptPasswordEncoder. We will take a Spring MVC 4, Hibernate 4 & Spring Security 4 example to demonstrate a real-world setup involving login authentication and user creation.Both Annotation + XML based projects are available for download at the end of this post. Let’s get going. Other…

Continue reading →

This post shows how to use role based login in Spring Security 4 using Hibernate setup. That means redirecting users to different URLs upon login according to their assigned roles, this time along with Hibernate setup. Let’s get going. This post complements the post Spring Security 4 Hibernate Annotation Example, and simply adds the Role…

Continue reading →

This tutorial demonstrates integrating Hibernate with Spring Security 4 to perform database authentication, showing Annotation+XML configuration example in Spring 4 MVC application. Let’s get going. In this post we will learn Spring Security database authentication using Hibernate annotation+xml based approach. Previous posts discussed about Spring Security in-memory authentication. But in real-world projects, credentials are often…

Continue reading →

This tutorial shows you how to secure view layer, show/hide parts of jsp/view based on logged-in user’s roles, using Spring Security tags in Spring MVC web application. Let’s get going. Other interesting posts you may like Spring Boot+AngularJS+Spring Data+Hibernate+MySQL CRUD App Spring Boot REST API Tutorial Spring Boot WAR deployment example Secure Spring REST API…

Continue reading →