Spring Security Architecture Last Updated : 16 Apr, 2025 Comments Improve Suggest changes Like Article Like Report Spring Security framework helps us to secure Java-based web applications. The main task of the Spring Security framework is managing who can access what. It is used to protect our application from common security threats such as CSRF and session fixation attacks. Spring Security makes it simple to set up user login systems and also ensures that the application is both secure and user-friendly.Spring Security framework adds two important capabilities to web applications, which are listed below:Authentication Authorization/Access ControlThis framework protects against popular security issues like CSRF attacks, or Fixation attacks. It provides a secure and standard way to set up user login functionality in web applications and thus provides quick user authentication and access control. AuthenticationAuthentication is the process of verifying the identity of the computer user. It is the process of verifying the user and devices before allowing them to access the resources. In Java, the AuthenticationManager interface is responsible for handling authentication events. Example: The AuthenticationManager interface method "authenticate()" returns authentication (i.e if authentication= true )if it verifies the identity. The AuthenticationException is thrown if it identifies an invalid identity or principal. It returns null if he cannot decide the identity.Authorization/Access ControlWhen a user or a device is authenticated, the next step is authorization which is the process of allowing the authority to perform certain tasks or operations. In Java, AccessDecisionManager and AccessDecsionVoter classes help in the authorization process. Example: The class ConfigAttribute provides the secure object metadata to provide the permission required to access it. The AccessDecisionVoter handles the Spring Expression Language (SpEL) expressions. ConfigAttribute is an interface that contains only one method that returns a string that defines the rules for access control.AdvantagesProvides support for Java ConfigurationProvides support for integration with Spring MVCProvides protection against major security issuesProvides efficient portabilitySample Java Configuration File: Java // Configuration Java File import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableMethodSecurity; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; import org.springframework.security.web.SecurityFilterChain; @Configuration @EnableMethodSecurity public class SecurityConfig { // Bean for UserDetailsService to manage user authentication details @Bean public UserDetailsService userDetailsService(BCryptPasswordEncoder passwordEncoder) { InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager(); manager.createUser(User.withUsername("AbhijeetRathore") .password(passwordEncoder.encode("Abhijeet123")) .roles("USER") .build()); return manager; } // Bean for configuring HTTP security settings @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .authorizeHttpRequests(authz -> authz .requestMatchers("/").hasRole("ADMIN") .anyRequest().authenticated()) .httpBasic(); return http.build(); } // Bean for customizing web security @Bean public WebSecurityCustomizer webSecurityCustomizer() { return web -> web.ignoring().requestMatchers("/resources/**"); } // Bean to provide a BCryptPasswordEncoder for securely encoding passwords @Bean public BCryptPasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } } Comment More infoAdvertise with us Next Article Spring Security Annotations abhijitrathoreabsn516 Follow Improve Article Tags : Java Technical Scripter Advance Java Technical Scripter 2022 Java-Spring-Security +1 More Practice Tags : Java Similar Reads What is Advanced Java? In the realm of coding, creativity, and state-of-the-art technology have a pivotal role in the domain of software creation. Java is known for its platform independence, robustness, and extensive libraries. Advanced Java concepts let you make really complicated programs, it encompasses an array of te 13 min read Servlets and JSPIntroduction to Java ServletsJava Servlet is a Java program that runs on a Java-enabled web server or application server. It handles client requests, processes them, and generates responses dynamically. Servlets are the backbone of many server-side Java applications due to their efficiency and scalability.Key Features:Servlets 7 min read Introduction to JSPJavaServer Pages (JSP) is a server-side technology that creates dynamic web applications. It allows developers to embed Java code directly into HTML or XML pages, and it makes web development more efficient.JSP is an advanced version of Servlets. It provides enhanced capabilities for building scalab 5 min read JSP ArchitectureJSP architecture gives a high-level view of the working of JSP. JSP architecture is a 3 tier architecture. It has a Client, Web Server, and Database. The client is the web browser or application on the user side. Web Server uses a JSP Engine i.e; a container that processes JSP. For example, Apache T 3 min read Life Cycle of JSPThe life cycle of a JavaServer Page (JSP) consists of various phases that start from its creation, followed by its translation into a servlet, and finally managed by the servlet lifecycle. The JSP engine handles this process automatically. Steps of JSP Life Cycle Translation of JSP page to ServletCo 2 min read Difference between Servlet and JSPBrief Introduction: Servlet technology is used to create a web application. A servlet is a Java class that is used to extend the capabilities of servers that host applications accessed by means of a request-response model. Servlets are mainly used to extend the applications hosted by web services. J 3 min read Dependency Injection(DI) Design Pattern Effective dependency management is essential to building scalable and maintainable systems. The Dependency Injection (DI) design pattern is one strategy that has become very popular. Fundamentally, dependency injection is a method that addresses how components or objects are constructed and how they 10 min read SpringIntroduction to Spring FrameworkThe Spring Framework is a powerful, lightweight, and widely used Java framework for building enterprise applications. It provides a comprehensive programming and configuration model for Java-based applications, making development faster, scalable, and maintainable.Before Enterprise Java Beans (EJB), 9 min read Spring Framework ArchitectureThe Spring framework is a widely used open-source Java framework that provides a comprehensive programming and configuration model for building enterprise applications. Its architecture is designed around two core principles: Dependency Injection (DI) Aspect-Oriented Programming (AOP)The Spring fram 7 min read Spring InitializrSpring Initializr is a popular tool for quickly generating Spring Boot projects with essential dependencies. It helps developers set up a new application with minimal effort, supporting Maven and Gradle builds. With its user-friendly interface, it simplifies project configuration, making it an essen 4 min read Spring - BeanFactoryThe first and foremost thing when we talk about Spring is dependency injection which is possible because Spring is a container and behaves as a factory of Beans. Just like the BeanFactory interface is the simplest container providing an advanced configuration mechanism to instantiate, configure, and 4 min read Spring - ApplicationContextApplicationContext belongs to the Spring framework. Spring IoC container is responsible for instantiating, wiring, configuring, and managing the entire life cycle of beans or objects. BeanFactory and ApplicationContext represent the Spring IoC Containers. ApplicationContext is the sub-interface of B 5 min read Spring Dependency Injection with ExampleDependency Injection is the main functionality provided by Spring IOC(Inversion of Control). The Spring-Core module is responsible for injecting dependencies through either Constructor or Setter methods. The design principle of Inversion of Control emphasizes keeping the Java classes independent of 7 min read Spring - IoC ContainerThe Spring framework is a powerful framework for building Java applications. It can be considered a collection of sub-frameworks, also referred to as layers, such as Spring AOP, Spring ORM, Spring Web Flow, and Spring Web MVC. We can use any of these modules separately while constructing a Web appli 2 min read Spring - AutowiringAutowiring in the Spring framework can inject dependencies automatically. The Spring container detects those dependencies specified in the configuration file and the relationship between the beans. This is referred to as Autowiring in Spring. To enable Autowiring in the Spring application we should 4 min read Spring Framework AnnotationsSpring framework is one of the most popular Java EE frameworks. It is an open-source lightweight framework that allows Java EE 7 developers to build simple, reliable, and scalable enterprise applications. Spring framework mainly focuses on providing various ways to help you manage your business obje 6 min read SpringBootIntroduction to Spring BootSpring is widely used for creating scalable applications. For web applications, Spring provides Spring MVC, a commonly used module for building robust web applications. The major drawback of traditional Spring projects is that configuration can be time-consuming and overwhelming for new developers. 5 min read Difference between Spring and Spring BootSpring Spring is an open-source lightweight framework that allows Java developers to build simple, reliable, and scalable enterprise applications. This framework mainly focuses on providing various ways to help you manage your business objects. It made the development of Web applications much easier 4 min read Spring Boot - ArchitectureSpring Boot is built on top of the core Spring framework. It simplifies and automates Spring-based application development by reducing the need for manual configuration. Spring Boot follows a layered architecture, where each layer interacts with other layers in a hierarchical order. The official Spr 3 min read Spring Boot - AnnotationsSpring Boot Annotations are a form of metadata that provides data about a spring application. Spring Boot is built on the top of the spring and contains all the features of spring. And is becoming a favorite of developers these days because of its rapid production-ready environment which enables the 7 min read Spring Boot ActuatorDeveloping and managing an application are the two most important aspects of the application’s life cycle. It is very important to know what is going on beneath the application. Also, when we push the application into production, managing it gradually becomes critically important. Therefore, it is a 5 min read Spring Boot - Code StructureThere is no specific layout or code structure for Spring Boot Projects. However, there are some best practices followed by developers that will help us too. You can divide your project into layers like service layer, entity layer, repository layer,, etc. You can also divide the project into modules. 3 min read Spring - RestTemplateDue to high traffic and quick access to services, REST APIs are getting more popular and have become the backbone of modern web development. It provides quick access to services and also provides fast data exchange between applications. REST is not a protocol or a standard, rather, it is a set of ar 7 min read How to Change the Default Port in Spring Boot?Spring Boot framework provides a default embedded server i.e. the Tomcat server for many configuration properties to run the Spring Boot application. The application runs on the default port which is 8080. As per the application need, we can also change this default port for the embedded server. In 4 min read Spring Boot - SchedulingSpring Boot provides the ability to schedule tasks for execution at a given time period with the help of @Scheduled annotation. This article provides a step by step guideline on how we can schedule tasks to run in a spring boot application Implementation:It is depicted below stepwise as follows: St 4 min read Spring Boot - Sending Email via SMTPSpring Boot provides the ability to send emails via SMTP using the JavaMail Library. Here we will be illustrating step-by-step guidelines to develop Restful web services that can be used to send emails with or without attachments. In order to begin with the steps, let us first create a Spring Boot p 5 min read Spring Boot - REST ExampleIn modern web development, most applications follow the Client-Server Architecture. The Client (frontend) interacts with the server (backend) to fetch or save data. This communication happens using the HTTP protocol. On the server, we expose a bunch of services that are accessible via the HTTP proto 4 min read Introduction to the Spring Data Framework Spring Data is a powerful data access framework in the Spring ecosystem that simplifies database interactions for relational (SQL) and non-relational (NoSQL) databases. It eliminates boilerplate code and provides an easy-to-use abstraction layer for developers working with JPA, MongoDB, Redis, Cassa 3 min read Spring MVCSpring - MVC FrameworkThe Spring MVC Framework follows the Model-View-Controller architectural design pattern, which works around the Front Controller, i.e., the Dispatcher Servlet. The Dispatcher Servlet handles and dispatches all incoming HTTP requests to the appropriate controller. It uses @Controller and @RequestMapp 4 min read Spring - Multi Action Controller with ExampleSpring is one of the most popular Java EE frameworks. It is an open-source lightweight framework that allows Java EE 7 developers to build simple, reliable, and scalable enterprise applications. This framework mainly focuses on providing various ways to help you manage your business objects. It made 4 min read Spring MVC using Java Based ConfigurationSpring MVC framework enables the separation of modules, namely Model, View, and Controller, and seamlessly handles application integration. This enables the developer to create complex applications using plain Java classes. The model object can be passed between the view and the controller using map 3 min read ViewResolver in Spring MVCSpring MVC is a powerful Web MVC Framework for building web applications. It provides a structured way to develop web applications by separating concerns into Model, View, and Controller. One of the key features of Spring MVC is the ViewResolver, which enables you to render models in the browser wit 7 min read Spring MVC - Exception HandlingPrerequisites: Spring MVC When something goes wrong with your application, the server displays an exception page defining the type of exception, the server-generated exception page is not user-friendly. Spring MVC provides exception handling for your web application to make sure you are sending your 6 min read Spring - MVC Form HandlingPrerequisites: Spring MVC, Introduction to Spring Spring MVC is a Model-View-Controller framework, it enables the separation of modules into Model, View, and Controller and uniformly handles the application integration. In this article, we will create a student login form and see how Spring MVC hand 6 min read How to Make Post Request in Java Spring?Java language is one of the most popular languages among all programming languages. There are several advantages of using the java programming language, whether for security purposes or building large distribution projects. One of the advantages of using JAVA is that Java tries to connect every conc 4 min read Spring MVC CRUD with ExampleIn this article, we will explore how to build a Spring MVC CRUD application from scratch. CRUD stands for Create, Read/Retrieve, Update, and Delete. These are the four basic operations to create any type of project. Spring MVC is a popular framework for building web applications. Spring MVC follows 7 min read Spring SecurityIntroduction to Spring Security and its FeaturesSpring Security is a powerful authentication and authorization framework used to secure Java-based web applications. It easily integrates with Spring Boot and provides advanced security mechanisms such as OAuth2, JWT-based authentication, role-based access control, and protection against common vuln 3 min read Spring Security ArchitectureSpring Security framework helps us to secure Java-based web applications. The main task of the Spring Security framework is managing who can access what. It is used to protect our application from common security threats such as CSRF and session fixation attacks. Spring Security makes it simple to s 3 min read Spring Security AnnotationsThere are multiple annotations supported by Spring Security. But, in this article, we will discuss about these annotations can be used in a Spring Boot project as well. These annotations play a crucial role in creating a web application in Spring Boot. The Spring Security annotations are a powerful 3 min read Spring Security - Basic AuthenticationSpring Security is a framework that allows a programmer to use JEE (Java Enterprise Edition) components to set security limitations on Spring Framework-based web applications. As a core part of the Spring ecosystem, it’s a library that can be utilized and customized to suit the demands of the progra 6 min read Authentication in Spring SecurityIn Spring Security, “authentication†is the process of confirming that a user is who they say they are and that they have the right credentials to log in to a protected resource or to perform a privileged action in an application. Spring Security helps you set up different authentication methods, li 13 min read What are Microservices? Microservices are an architectural approach to developing software applications as a collection of small, independent services that communicate with each other over a network. Instead of building a monolithic application where all the functionality is tightly integrated into a single codebase, micro 12 min read JUnit 5Introduction to JUnit 5JUnit is a Testing Framework. The Junit 5 is the latest version of the testing framework, and it has a lot of features when compared with Junit 4. JUnit 5, also known as JUnit Jupiter. It introduces several new features and improvements over its predecessor, JUnit 4, making it more powerful and flex 8 min read JUnit 5 – Test LifeCycleIn the Java testing framework, JUnit 5 is the latest testing framework that introduces a robust test lifecycle that is managed through four primary annotations that are @BeforeAll, @BeforeEach, @AfterEach, and @AfterAll. We need to annotate each method with @Test annotation from the org.junit.jupite 5 min read Like