Spring Security Tutorials

This page features the complete list of Spring Security tutorials published on CodeJava.net website. You can find code examples ranging from fundamental authentication to role-based authorization, from login page customization to remember me configuration, from authentication hanlders to password management and encryption, and from OAuth2 login to JWT and REST API security.

You know, Spring Security is an important project in the Spring platlform. It helps developers easily secure Spring-based applications with best security pratices and industry standards. Check the following tutorials to get started with Spring Security:

1. Basic Authentication and Authorization

You can get started with Spring Security by learning to develop user sign up and sign in modules with credentials stored in database, which is the most basic features of any web applications. For specific security needs, you'll find examples about form authentication and HTTP basic authentication with in-memory users, and form login with JDBC, JPA, Hibernate and MySQL database. You'll also find a guide about fixing some Spring Security's deprecated methods.

• Spring Boot Registration and Login with MySQL Database Tutorial
• Spring Security Form Authentication with in-memory users
• Spring Security HTTP Basic Authentication with in-memory users
• Spring Security Form Authentication with JDBC and MySQL
• Spring Security Authentication with JPA, Hibernate and MySQL
• How to Fix WebSecurityConfigurerAdapter Deprecated

2. Role-based Authoriazation

The following tutorials dive deeper into user authorization implementation with roles or authorities. You'll learn how to authorize users to use specific modules based on their roles; how to manage roles of users; how to redirect users after login based on their roles. And more advanced, you'll learn how to code separate login pages for admin users and normal users.

• Spring Security Role-based Authorization Tutorial
• Spring Security Add Roles to User Examples
• Spring Security Redirect Users After Login Based on Roles
• Spring Security Multiple Login Pages Examples

3. Login & Logout Customization:

Besides the default login form generated automatically, Spring Security also allows programmers to use custom login pages if needed. In the following articles, you'll see various examples about login and logout customizations with Spring Security, including Remember login functionality.

• Spring Security Customize Login and Logout
• Spring Security Custom Login Page with Thymeleaf, HTML 5 and Bootstrap 4
• How to use Logout Link instead of Button
• How to Get Logged-in User's Details
• Prevent User from Going Back to Login Page if Already logged in
• Spring Security Remember Me (Remember Login) Examples

4. Spring Security Authentication Handlers:

Although Spring Security makes developer's life easier with default configurations and implementation for the most basic needs, it also allows advanced customization if needed. In the following articles, you'll learn how to hook security events such as on successful or failed authentication, on successful logout, and before authentication occurs. It will be helpful to develop advanced security functionalities.

• Spring Security Authentication Success Handler Examples
• Spring Security Authentication Failure Handler Examples
• Spring Security Logout Success Handler Example
• Spring Security Before Authentication Filter Examples

Spring Boot E-Commerce Ultimate Course

Learn to Build a complete shopping website using Java, Spring Boot, Thymeleaf, Bootstrap, jQuery and MySQL database

5. Spring Security Password and Encryption:

Spring Security provides built-in support for password encryption with the most modern and strong cryptographic algorithms such as BCrypt. That means you can have your user credentials encoded and stored safely in database. Check the following tutorials for more advanced password-related functions, such as forgot password, one-time password email, password expiration, etc. In addition, I'll also share code examples about encrypt credentials in configuration file, HTTPS configuration on localhost, and how to use plain text password in Spring Security.

• Spring Security Forgot Password Tutorial
• Spring Boot Password Encryption for Application Configuration File using Jasypt
• Spring Security Limit Login Attempts Example
• Spring Security OTP Email Tutorial
• Spring Security Password Expiration Tutorial
• Configure HTTPS for Spring Boot Application with Self-Signed Certificate on Localhost
• Spring Security without Password Encoding - Plain Text Password

6. Spring Security OAuth Authentication:

Spring Security OAuth2 helps programmers easily implement authorization following OAuth 2 protocol in their Spring applications. You'll find in the following tutorlal helpful code examples for implementing social login with Google, Facebook, and GitHub using Spring Security OAuth2 APIs:

• Spring Boot OAuth2 Login with Google Example
• Spring Boot Social Login with Facebook Example
• Spring Boot OAuth2 Login with GitHub Example
• Spring Boot OAuth2 Social Login with Google and Facebook

7. Spring Security with JWT and REST APIs:

Spring Security also provides great support for implementing REST API security with JSON Web Token (JWT). The following tutorials will guide you how to implement authentication and authorization with JWT in your Spring applications:

• Spring Security JWT Authentication Tutorial
• Spring Security JWT Role-based Authorization Tutorial

Videos: Spring Security Video Playlist on YouTube

References:

• Spring Security Project Homepage
• Spring Security Reference Docs
• Spring Security API Javadocs

About the Author:

Nam Ha Minh is certified Java programmer (SCJP and SCWCD). He began programming with Java back in the days of Java 1.4 and has been passionate about it ever since. You can connect with him on Facebook and watch his Java videos on YouTube.