Secure Spring REST API using OAuth2

Let’s secure our Spring REST API using OAuth2 this time, a simple guide showing what is required to secure a REST API using Spring OAuth2. Our use-case fits well with Resource-owner Password Grant flow of OAUth2 specification. We will use two different clients [Postman and a Spring RestTemplate based java application] to access our OAuth2…

Continue reading

AngularJS+Spring Security using Basic Authentication

This post shows how an AngularJS application can consume a REST API which is secured with Basic authentication using Spring Security. Post Secure Spring REST API with Basic Authentication shows in great details how to secure a REST API using Basic authentication with Spring Security. That application will serve as a Back-end for this example….

Continue reading

Secure Spring REST API using Basic Authentication

So You’ve got the REST API for your application, and now you want to secure it. How to do that? There are several popular ways to do that, ranging from Basic Authentication to a full fledged OAuth2 security solution. This Guide explains securing REST API using Basic Authentication with help of examples involving two separate…

Continue reading

Spring Security 4 Role Based Login Example

This tutorial explores Spring Security’s role based login. That means redirecting users to different URLs upon login according to their assigned roles. Basically what we have to do is to create a custom Success-Handler which will be responsible for redirecting the logged-in user to appropriate URL based on his/her role. Spring Security already provides SimpleUrlAuthenticationSuccessHandler…

Continue reading

Spring Security 4 Method security using @PreAuthorize,@PostAuthorize, @Secured, EL

This post shows Method level security in Spring Security 4 with @PreAuthorize, @PostAuthorize, @Secured and Spring EL expressions. Other interesting posts you may like Secure Spring REST API using OAuth2 AngularJS+Spring Security using Basic Authentication Secure Spring REST API using Basic Authentication Spring 4 MVC+JPA2+Hibernate Many-to-many Example Spring 4 Caching Annotations Tutorial Spring 4 Cache…

Continue reading

Spring Security 4 Remember Me Example with Hibernate

This tutorial shows you Remember-Me authentication using Spring Security 4 with Hibernate. In Remember-me or persistent-login authentication, Applications remember the identity of user between sessions. Basically, during login, when you ask for Remember-Me support, application will send a cookie to the browser during login. This cookie will be stored at browser side and will remain…

Continue reading

Spring Security 4 Hibernate Password Encoder Bcrypt Example

This tutorial shows Password Encoding in Spring Security 4 using BCryptPasswordEncoder. We will take a Spring MVC 4, Hibernate 4 & Spring Security 4 example to demonstrate a real-world setup involving login authentication and user creation.Both Annotation + XML based projects are available for download at the end of this post. Other interesting posts you…

Continue reading

Spring Security 4 Hibernate Role Based Login Example

This post shows how to use role based login in Spring Security 4 using Hibernate setup. That means redirecting users to different URLs upon login according to their assigned roles, this time along with Hibernate setup. This post complements the post Spring Security 4 Hibernate Annotation Example, and simply adds the Role based login functionality…

Continue reading

Spring Security 4 Hibernate Integration Annotation+XML Example

This tutorial demonstrates integrating Hibernate with Spring Security 4 to perform database authentication, showing Annotation+XML configuration example in Spring 4 MVC application. In this post we will learn Spring Security database authentication using Hibernate annotation+xml based approach. Previous posts discussed about Spring Security in-memory authentication. But in real-world projects, credentials are often stored in database…

Continue reading

Spring Security 4 Secure View Fragments using taglibs

This tutorial shows you how to secure view layer, show/hide parts of jsp/view based on logged-in user’s roles, using Spring Security tags in Spring MVC web application. Other interesting posts you may like Secure Spring REST API using OAuth2 AngularJS+Spring Security using Basic Authentication Secure Spring REST API using Basic Authentication Spring MVC 4+Spring Security…

Continue reading