Spring Security 4 Tutorial

Learn Spring Security 4 in a simple, step-by-step way. This series of Spring Security tutorials is based on the new Spring Security 4 and Spring Framework version 4.

Spring Security is a lightweight security framework that provides authentication and authorization support to secure Spring-based applications. It integrates well with Spring MVC and comes bundled with popular security algorithm implementations. This series of tutorials is an attempt to show Spring Security 4 basics & advanced usage: securing URLs, views & methods in your Spring MVC/Hibernate based application.

This Spring Security tutorial series is based on Spring Security 4.0.1.RELEASE[+] & Spring 4.1.6.RELEASE[+], the versions available at the time of writing. Let’s start.


For Spring Boot, please refer to our Spring Boot tutorials.

For AngularJS, please refer to our AngularJS tutorials.

For Spring 4 MVC, please refer to our Spring 4 MVC tutorials.

For Spring 4, please refer to our Spring 4 MVC tutorials.

For Hibernate, please refer to our Hibernate 4 tutorials.

Spring Security Hands-on Examples

In this tutorial series, we will go through the Spring Security setup & common features, when and where to apply them, different authentication methods, securing passwords with encoding schemes, & integrating Spring Security in Spring MVC 4 and Hibernate based applications, exploring them with the help of fully working examples.

Spring Security 4 Hello World Annotation + XML Example
A Spring MVC 4 & Spring Security 4 annotations+xml-based hello world project that secures URLs using the Spring Security default login form, in-memory authentication & custom logout logic. Covers the basics of Spring Security.

Spring Security 4 Custom Login Form Annotation + XML Example
A Spring MVC 4 & Spring Security 4 annotations+xml-based example project with custom login form, in-memory authentication, CSRF protection & custom logout logic. URL Security Example.

Spring Security 4 Logout Example
Learn how to properly log out using Spring Security 4, without using hacks. This works well with the browser back button as well.

Spring Security 4 Secure View layer using security taglibs
Secure parts of JSPs/views: show or hide view fragments based on the logged-in user’s role using Spring Security tags. View Security Example.

Spring Security 4 Role Based Login Example
Upon login, redirect the user to the corresponding URL based on his/her assigned roles. A Spring MVC 4 & Spring Security 4 annotations-based example project with custom Success-Handler, custom login form, in-memory authentication, CSRF protection & custom logout logic.

Spring Security 4 Hibernate Authentication Annotation + XML Example
Spring Security 4 Database Authentication Example. Load and compare user data directly from the database during authentication using Hibernate. A Spring MVC 4, Hibernate 4 & Spring Security 4 annotations-based example project with custom login form, database authentication, custom UserDetailsService, CSRF protection & custom logout logic.

Spring Security 4 Hibernate Role Based Login Example
Upon login, redirect the user to the corresponding URL based on his/her assigned roles. A Spring MVC 4, Hibernate 4 & Spring Security 4 annotations-based example project with custom Success-Handler, custom login form, database authentication, custom UserDetailsService, CSRF protection & custom logout logic.

Spring Security 4 Password Encoding Example With BCrypt Algorithm using Hibernate
Password Encoding Example using the Spring Security BCrypt algorithm implementation, BCryptPasswordEncoder. A Spring MVC 4, Hibernate 4 & Spring Security 4 annotations-based example project also showing One-To-Many mapping in JSP.

Spring Security 4 Remember Me Example with Hibernate
Enable Remember-Me using the Persistent Token Approach in your Spring Security 4, Spring MVC 4, and Hibernate 4 based application. Spring Security Tags example.

Spring Security 4 Method level security with @PreAuthorize, @PostAuthorize, @Secured & EL expression
Secure method invocations using Spring Security @PreAuthorize, @PostAuthorize, @Secured & EL expressions. Method Security Example.

Spring 4 MVC + Spring Security 4 + Hibernate 4 integration example
Integrate Spring MVC 4 with Spring Security 4 and Hibernate 4 in a Many-To-Many example showing CRUD operations, managing Many-To-Many mapping on the View/JSP, storing passwords as BCrypt hashes, and providing RememberMe functionality using a custom PersistentTokenRepository implementation with Hibernate (HibernateTokenRepositoryImpl). Also includes a Spring Converter example and shows usage of transaction management & JSR303 validation.

Secure Spring REST API using Basic Authentication
This guide explains securing a REST API using Basic Authentication with the help of examples involving two separate clients [Postman & a Spring RestTemplate based Java app] trying to get access to our REST API.

AngularJS+Spring Security using Basic Authentication
This post shows how an AngularJS application can consume a REST API which is secured with Basic authentication using Spring Security.

Secure Spring REST API using OAuth2
A guide to OAuth2: securing a REST API using Spring OAuth2 support, showing how different clients can access the OAuth2-protected resources using access tokens.
