Posts

Use Case

1. We need a couple of microservices in place so that we can take Spring components and plug them in whenever and however required.
2. Here we have two microservices:
   1. Product Service
   2. Coupon Service

These two services expose RESTful APIs that allow an end user to create a product. In the process, the product service uses the coupon service to apply a coupon code that the client passes in and get the discount. All the coupon information is maintained by the coupon service; the product service is only responsible for creating the product in the database, along with the price and description details that the client passes. So the process is: take the client's request; the product service calls the coupon service, gets the discount for the coupon code that the client passed, applies the discount to the price that the client passed, and then sav...

Create Custom Filter

Spring Security uses servlet filters to get a lot of its work done. Which filters are enabled depends on the configuration we are using:

Form Login Filter: if we enable form-based authentication, Spring Security enables a form login filter.
Basic Authentication Filter: if we enable basic authentication, it enables the basic authentication filter for csrf

Note: there are several servlet filters like these. We can also write our own servlet filters and configure them in the Spring Security filter chain.

Step 1: Add a new class that implements the Filter interface from the jakarta.servlet package (MySecurityFilter.java).

The Filter interface has an abstract method named doFilter, with ServletRequest, ServletResponse and, most importantly, FilterChain as parameters, as in the method signature below:

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

This FilterChain param is a interface which has a complete ch...

User Form Based Login

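    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.web.SecurityFilterChain;

    @Configuration
    public class MySecurityConfig {

        @Bean
        SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
            // HTTP Basic only: every request must be authenticated
            http.httpBasic();
            http.authorizeHttpRequests().anyRequest().authenticated();
            return http.build();
        }
    }

Without form-based login, we get the screen shown below.

After using http.formLogin():

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Form login: unauthenticated requests are sent to a login page
        http.formLogin();
        http.authorizeHttpRequests().anyRequest().authenticated();
        return http.build();
    }

With this configuration we get a screen with a login page.

A few more supported methods

There is one more method in our application's controller class:

    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    public class HelloController {

        @GetMapping("/hello")
        public String hello() {
            return "Spring Security Rocks!!";
        }

        @GetMapping("/by")
        public String bye() {
            return "Bye Bye tata";
        }
    }

if we have login with Hello user once http://lo...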

The Key Component in Spring Security

The authentication filter is a servlet filter class that checks whether the user has authenticated. If not, it sends the request to the authentication manager to check whether the details sent by the user are correct.

If the username and password are valid, the authentication manager in turn uses the authentication provider; this is where the login logic, or the authentication logic, is defined.

The authentication provider does not fetch the user details from the database, from LDAP or from memory itself; it uses the user details service for that purpose. It also uses a password encoder, because we don't want to store passwords in plain text, so the password will be decoded; the incoming password from the user is encoded and then the comparison is done.

Once the authentication provider has checked whether the authentication details (the username, password, etc.) are correct, it sends the appropriate response back to the authentication manager. The authentication manager hands it back to the aut...

What is Security

Authentication: the process of letting an application know who we are, using our user ID and password.

Authorization: once a user logs in or authenticates, how does the application know how much access the user or another application has? That is where authorization comes in, and it uses roles to do authorization.

Role: each role is mapped to certain URLs or methods in the application. Users with certain roles will have access to certain functionality within the application, and certain users will not have access to certain functionality in the application.

There are different ways of authenticating in the HTTP or web application world, starting from:

Basic authentication
Form-based authentication
In the REST API world, we can implement OAuth
Single sign-on, where we implement authentication and authorization for all applications within our organization through single sign-on

We can create our own custom login...