Spring Security is a powerful framework that makes an easy for authentication & authorization. It also provides a mechanics for customizing requirements.
- Authentication and Authorization
- Protection against attacks
- Servlet API integration
Spring Security Start
- Spring Security – Config Security for Web MVC by Spring Boot
- How to use Spring Security JDBC Authentication with PostgreSQL & Spring Boot
- How to use Spring Security JDBC Authentication with MySQL & Spring Boot
Custom Spring Security
- Spring Security – Customize Login Handler
- Spring Security Customize Logout Handler
- Spring Security – Customize Authentication Provider
Spring Security JWT Authentication
- Spring Security JWT Authentication example – RestAPIs SpringBoot + Spring MVC + Spring JPA + MySQL
- Spring Security JWT Authentication + PostgreSQL – RestAPIs SpringBoot + Spring MVC + Spring JPA
- Spring Security – JWT Authentication Architecture | Spring Boot
Remember-me authentication is a solution for web sites to remember the identity of a user between sessions. Having 2 approaches for remember-me authentication:
1. Cookie-based tokens
– After user login sucessfully, a cookie is sent to the browser which being composed by:
base64(username + “:” + expirationTime + “:”
+ md5Hex(username + “:” + expirationTime + “:” password + “:” + key))
key: a private key to prevent modification of the remember-me token.
– remember-me token is valid for expirationTime, & the username, password and key does not change in the period time. If a token has been captured, users can change their password then remember-me tokens will be invalid.
>>> More details at: How to configure Remember-Me authentication by Hash-Based Token Approach
2. Use a database to store the generated tokens
Create a table with name
persistent_logins to save tokens. So we need to specify a datasource for remember-me configuration.
create table persistent_logins ( username varchar(64) not null, series varchar(64) primary key, token varchar(64) not null, last_used timestamp not null )
>>> More details at: How to configure Persistent Token Remember-Me authentication
Latest Posts: Spring Security