Spring Security

In this tutorial, you will learn how to return a custom error message if the conditions of the Spring Method Security are not met. To learn more about method-level security annotations read: Spring Method-Level Security with @PreAuthorize, Spring Security @Secured: Method-Level Protection, @PostAuthorize Security Annotation Example. Controller class with Spring Method Security Annotation Let’s assume…

Read More Spring Method Security: Customize Error Message

Spring Boot Actuator is a useful feature that provides developers with a set of tools to monitor and manage their applications. However, some of the actuator endpoints are sensitive and can potentially expose sensitive information about your application. In this article, we’ll explore different ways to secure these endpoints to ensure your application is protected.…

Read More Securing Spring Boot Actuator Endpoints: Best Practices

In this tutorial, I will explain in detail how to secure sensitive Spring Boot Actuator Endpoints using Spring Boot version 3. This tutorial is intended for beginners who want to learn how to monitor and manage their Spring Boot applications using Actuator. Spring Boot Actuator is a sub-module of Spring Boot that provides production-ready features…

Read More How to Secure Spring Boot Actuator Endpoints with Basic Authentication

In this Spring Security tutorial, you will learn how to enable and use method-level security with the @Secured annotation. @Secured is a Spring Security annotation used to specify that a method should be executed only if the authenticated user has the required roles or authorities. When you use this annotation, you can specify…

Read More Spring Security @Secured: Method-Level Protection

In this Spring Boot Security tutorial, you will learn how to use Spring method-level security to secure RestController methods with the @PreAuthorize annotation. If you are interested in video lessons, then I also show how to create user Roles and Authorities and how to use Spring Method Level Security annotations in my video course: RESTful Web…

Read More Spring Method-Level Security with @PreAuthorize

This tutorial will teach you how to add Spring Security to your project and enable in-memory basic authentication. You will learn how to configure two different users with different Roles and Privileges. Both users’ roles and privileges will be stored in the memory of your Spring Boot application. If you use Spring Framework and OAuth,…

Read More Spring Security In-Memory Authentication

In this Spring Security tutorial, you will learn how to enable Basic Authentication for your Spring Boot project and configure the default username, password and user role. You will also learn how to secure a web service request URL so only authenticated users with a default username, password and role can access it. If you use…

Read More Spring Security Default Username, Password, Role

In Spring Boot 3, the authorizeRequests() method of the WebSecurityConfigurerAdapter class has been deprecated. This method was previously used to configure the authorization rules for securing web applications. To secure your application in Spring Boot 3 using Spring Security, you should use the HttpSecurity class and its authorizeHttpRequests() method instead. You can use the authorizeHttpRequests() method…

Read More Migrating from a Deprecated authorizeRequests()

This tutorial will teach you how to migrate from the deprecated WebSecurityConfigurerAdapter towards the content-based security configuration. Spring Security allowed customizing HTTP security by extending a WebSecurityConfigurerAdapter class. This customization included user authorization, user authentication, etc. But in Spring Security 5.7.0-M2 the WebSecurityConfigurerAdapter is deprecated. This is because Spring Framework developers encourage users to move…

Read More (Solved!) Deprecated WebSecurityConfigurerAdapter