Spring Security

In this tutorial, you will learn how to return a custom error message if the conditions of the Spring Method Security are not met. To learn more about method-level security annotations read: Spring Method-Level Security with @PreAuthorize, Spring Security @Secured: Method-Level Protection, @PostAuthorize Security Annotation Example. Controller class with Spring Method Security Annotation Let’s assume…

Read More Spring Method Security: Customize Error Message

In this Spring Security tutorial, you will learn how to enable and use the Method Level Security with a @Secured annotation. @Secured is a Spring Security annotation used to specify that a method should be executed only if the authenticated user has the required roles or authorities. When you use this annotation, you can specify…

Read More Spring Security @Secured: Method-Level Protection

In this Spring Security tutorial, you will learn how to enable Basic Authentication for your Spring Boot project and configure the default username, password and user role. You will also learn how to secure a web service request URL so only authenticated users with a default username, password and role can access it. If you use…

Read More Spring Security Default Username, Password, Role

In Spring Boot 3, the authorizeRequests() method of the WebSecurityConfigurerAdapter class has been deprecated. This method was previously used to configure the authorization rules for securing web applications. To secure your application in Spring Boot 3 using Spring Security, you should use the HttpSecurity class and its authorizeHttpRequests() method instead. You can use the authorizeHttpRequests() method…

Read More Migrating from a Deprecated autorizeRequests()

In this blog post, you will learn how to add user Roles and Authorities to a JWT token issued by the new Spring Authorization Server. When writing this tutorial, I assumed you are familiar with the new Spring Configuration Server setup. Otherwise, please check the Spring Authorization Server tutorial first. Adding Granted Authorities to JWT To include…

Read More Add Roles to JWT Issued by Spring Authorization Server

In this tutorial, you will learn how to create a custom password encoder in a Spring Boot application that uses Spring Security. Table of contents Create a Spring Boot project and add database connection properties, Add a User model, Create a User repository, Implement a custom PasswordEncoder, Create a service class that implements UserDetailService, Add…

Read More Custom Password Encoder in Spring Security

In this tutorial, you will learn how to use @AuthenticationPrincipal annotation to get the Jwt object containing the details of a provided in HTTP Request access token. When we send a request containing an access token in the Authorization header, behind the scenes,  Spring Framework will do a lot of work and if all is good,…

Read More @AuthenticationPrincipal – Getting the Jwt Claims

In this Spring Security tutorial, you will learn how to use the @PreAuthorize annotation to secure method invocation. You can use the @PreAuthorize annotation to secure either method in a Controller class or a method in a service layer class. There are other useful method-level security annotations like the ones below. It is useful to…

Read More Spring Security @PreAuthorize Annotation Example

In this Spring Boot tutorial, you will learn how to get the details of the currently authenticated principal user. There is more than one way to get currently authenticated user details and in this blog post, I am going to share with you a few. Most likely you already have Spring Security configured for your…

Read More Spring Security. Get Authenticated Principal Details.

In this tutorial, I will share with you how to secure Spring Cloud Eureka dashboard with Spring Security. To learn how to build RESTful Microservices with Spring Cloud by watching step-by-step video lessons, please check this page: Spring Boot Microservices and Spring Cloud. Add Spring Security to Eureka To secure Eureka with Spring Security, we will…

Read More Secure Eureka Dashboard with Spring Security