Spring Security 4 Tutorial

Learn Spring Security 4 in simple step-by-step way. This series of Spring Security tutorial is based on new Spring Security 4, Spring framework version 4.

Spring Security is a lightweight security framework that provides authentication and authorization support in order to Secure Spring-based applications. It integrates well with Spring MVC and comes bundled with popular security algorithm implementations. This series of tutorial is an attempt to show Spring Security 4 basics & advanced usage, securing URL, view’s & methods in your Spring MVC/Hibernate based application.

This Spring Security Tutorial series is based on Spring Security 4.0.1.RELEASE[+] & Spring 4.1.6.RELEASE[+] based on versions available at the time of writing.


Spring Security Hands-on Examples

In this tutorial series, we will go through the Spring Security setup & common features, when and where to apply, different authentication methods, securing password with encoding schemes, & integrating Spring Security in Spring MVC 4 and Hibernate based applications, exploring them with help of fully-working examples.

Spring Security 4 Hello World Annotation + XML Example
A Spring MVC 4 & Spring Security 4 annotations+xml based hello world project, secure URL using spring security default login form ,in-memory authentication & custom logout logic. Covering basics of Spring Security.

Spring Security 4 Custom Login Form Annotation + XML Example
A Spring MVC 4 & Spring Security 4 annotations+xml-based example project with custom login form, in-memory authentication, CSRF protection & custom logout logic. URL Security Example.

Spring Security 4 Logout Example
Learn how to properly logout using Spring Security 4, without using hacks. This works well with browser back button as well.

Spring Security 4 Secure View layer using security taglibs
Secure parts of JSP/Views, show/hide view fragments based on logged-in user’s role using Spring Security Tags. View Security Example.

Spring Security 4 Role Based Login Example
Upon login, redirect the user to corresponding URL based on his/her assigned roles. A Spring MVC 4 & Spring Security 4 annotations-based example project with custom Success-Handler , custom login form, in-memory authentication, CSRF protection & custom logout logic.

Spring Security 4 Hibernate Authentication Annotation + XML Example
Spring Security 4 Database Authentication Example. Load and compare user data directly from database during authentication using Hibernate. A Spring MVC 4, Hibernate 4 & Spring Security 4 annotations-based example project with custom login form, database authentication, custom UserDetailsService, CSRF protection & custom logout logic.

Spring Security 4 Hibernate Role Based Login Example
Upon login, redirect the user to corresponding URL based on his/her assigned roles. A Spring MVC 4 , Hibernate 4 & Spring Security 4 annotations-based example project with custom Success-Handler, custom login form, database authentication, custom UserDetailsService, CSRF protection & custom logout logic.

Spring Security 4 Password Encoding Example With BCrypt Algorithm using Hibernate
Password Encoding Example using SpringSecurity BCrypt Algorithm implementation BCryptPasswordEncoder. A Spring MVC 4, Hibernate 4 & Spring Security 4 annotations-based example project also showing One-To-Many mapping in JSP.

Spring Security 4 Remember Me Example with Hibernate
Enable Remember-Me using Persistent Token Approach in your Spring Security 4 , Spring MVC 4, and Hibernate 4 based application. Spring Security Tags example.

Spring Security 4 Method level security with @PreAuthorize, @PostAuthorize, @Secured & EL expression
Secure Method invocations, using Spring Security @PreAuthorize, @PostAuthorize, @Secured & EL expression. Method Security Example.

Spring 4 MVC + Spring Security 4 + Hibernate 4 integration example
Integrate Spring MVC 4 with Spring Security 4, Hibernate 4 Many to Many example, showing CRUD operations, managing Many-To-Many mapping on View/JSP, storing passwords in encrypted format using BCrypt, and providing RememberMe functionality using custom PersistentTokenRepository implementation with Hibernate HibernateTokenRepositoryImpl, Spring Converter example, showing usage of transaction management & JSR303 validation.

Secure Spring REST API using Basic Authentication
This Guide explains securing REST API using Basic Authentication with help of examples involving two separate clients [Postman & a Spring RestTemplate based Java app] trying to get access to our REST API.

AngularJS+Spring Security using Basic Authentication
This post shows how an AngularJS application can consume a REST API which is secured with Basic authentication using Spring Security.

Secure Spring REST API using OAuth2
A Guide to OAuth2, securing REST API using Spring OAuth2 support, showing how different clients can access the OAuth2 protected resources using access tokens.

References

  • Hu Debarun

    Hi there,
    Your last post “Secure Spring REST API using OAuth2″ was pretty awesome.

    I am big fan of your site and follow regularly. Almost a year back I requested for that Spring Security with REST example. Happy to see multiple examples on that.

    Now my problem,
    I have a webapp which calls Spring REST from Angular JS. Want to implement Role based authentication where password is encrypted and stored in DB though Hibernate. Login/Logout Remember Me, all want to implement through AngularJS+REST

    It would be great help to me if you can post an example on this.

    Regards,
    Debarun

  • Roliandro Barbosa

    Thank you. your posts are useful. I would like to request you to make a Rest tutorial with apache and with both json and xml and database connections. Thank you in advance…

  • Pingback: spring rest token based authentication | bruinrow()

  • Pingback: spring rest token based authentication - دسرا()

  • Sot So

    Thank, all of your posts are useful. Anyways, I would like to request you to implement spring security with Apache Shiro. Thank you in advance…

  • Prakash

    I am looking forward for a tutorial that utilises Spring Security in a n app using AngularJS and Spring MVC.

  • Aaron Aaron

    Can you create a tutorial about Spring Security and Angular JS.

  • http://liuchao.me/ holyghost

    thanks! it helps a lot.

  • Shashi Kant

    thanks for the knowledge and hands on code

  • melkir

    Very nice, thank you very much ! Can you add a tuto for recover password by email ?

  • melkir

    Very nice tuto ! Can you add a tutoriel for recover password by email ?

  • melkir

    Very nice tutoriel ! Can you add a tutoriel for recover password by email ?