Spring Security - Interview Questions

What feature of Servlet API does Spring security use to provide security for Servlet applications?

 

Spring Security uses the standard Servlet Filter technology to provide security to Servlet-based applications.

What is DelegatingFilterProxy?

 

DelegatingFilterProxy is a Servlet Filter implementation provided by the Spring framework that bridges the Servlet container's lifecycle and the Spring framework's ApplicationContext. DelegatingFilterProxy delegates the work to a Spring bean that implements Filter.

What is FilterChainProxy?

 

FilterChainProxy is a Spring bean that implements Filter and contains Spring Security's Servlet support. FilterChainProxy is wrapped in a DelegatingFilterProxy and delegates to the security filters through a SecurityFilterChain.

What is SecurityFilterChain?

 

FilterChainProxy uses SecurityFilterChain to determine which security filters should be invoked for a particular request.

What are Security filters? What are some examples of security filters provided by the Spring framework?

 

Security filters are beans that implement Filter and are registered with FilterChainProxy via a SecurityFilterChain.

Some common filters provided by Spring Security are BasicAuthenticationFilter, BearerTokenAuthenticationFilter, DigestAuthenticationFilter, OAuth2LoginAuthenticationFilter, SessionManagementFilter, etc.

What are the key components provided by Spring framework to support Authentication?

 

Spring Security provides several key components to support authentication. These are:

SecurityContextHolder - Holds the SecurityContext object, which has details of who is authenticated.

SecurityContext - Contains the Authentication object, which has details of the currently authenticated user.

Authentication - Represents the currently authenticated user; it has the fields principal, credentials and authorities.

How do you set an authenticated user using Spring Security framework?

 

You set an authenticated user by creating an Authentication object with the user details, setting the Authentication object in a SecurityContext object, and then setting the SecurityContext object in the SecurityContextHolder.

import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
SecurityContext context = SecurityContextHolder.createEmptyContext(); // a fresh context avoids races with other threads
Authentication authentication = new TestingAuthenticationToken("username", "password", "ROLE_USER"); // test-only token
context.setAuthentication(authentication);
SecurityContextHolder.setContext(context);

How do you access details of an authenticated user in Spring Security framework?

 

You access the details of an authenticated user by getting the SecurityContext object from the SecurityContextHolder, and then getting the Authentication object from the SecurityContext object.

You can get the user name, principal and authorities granted to the user by calling the corresponding methods on the Authentication object.

import java.util.Collection;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
SecurityContext securityContext = SecurityContextHolder.getContext();
Authentication authentication = securityContext.getAuthentication(); // null if the request was not authenticated
String userName = authentication.getName();
Object principal = authentication.getPrincipal(); // usually a UserDetails instance
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
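The following added example (not code from the original page) ties the questions on security filters and on reading the SecurityContextHolder together: it builds one SecurityFilterChain with HTTP Basic authentication and role-based authorization, and registers a custom security filter after BasicAuthenticationFilter that reads the authenticated user from the SecurityContextHolder. It assumes Spring Boot 3 / Spring Security 6 on the classpath and an existing UserDetailsService bean (or Spring Boot's default user); the paths and class names are constructed for the example.

```java
import java.io.IOException;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

// Added example (not from the original page); assumes Spring Security 6 and an existing UserDetailsService bean
@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            // /admin/** needs the ROLE_ADMIN authority; every other request just needs an authenticated user
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults()) // adds BasicAuthenticationFilter to this chain
            // The audit filter runs after BasicAuthenticationFilter, so the SecurityContext is already populated
            .addFilterAfter(new AuthenticationAuditFilter(), BasicAuthenticationFilter.class);
        return http.build(); // FilterChainProxy delegates every matching request to this chain
    }

    // A custom security filter: reads the current Authentication from the SecurityContextHolder
    static class AuthenticationAuditFilter extends OncePerRequestFilter {
        @Override
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                        FilterChain chain) throws ServletException, IOException {
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            if (auth != null && auth.isAuthenticated()) { // null or unauthenticated for anonymous requests
                logger.info("user=" + auth.getName() + " authorities=" + auth.getAuthorities()
                        + " path=" + request.getRequestURI());
            }
            chain.doFilter(request, response); // always continue the chain; authorization is decided later
        }
    }
}
```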

What are GrantedAuthorities?

 

GrantedAuthorities are the permissions or roles that the user has been granted, such as ROLE_ADMINISTRATOR, ROLE_SUPERVISOR, etc.

These are set in the authorities field of the Authentication object, and can be retrieved by calling the method Authentication.getAuthorities().

What are the different authentication mechanisms supported by Spring framework?

 

Spring Security supports various authentication mechanisms - username and password, OAuth 2.0 login, SAML 2.0 login, JAAS, OpenID, X.509 authentication, etc.

What is OAuth 2.0 login mechanism?

 

The OAuth 2.0 login mechanism gives an application the capability to have users log in by using their existing account at an OAuth 2.0 provider or an OpenID Connect 1.0 provider.

Examples of this are applications that offer a 'Login With Google' or 'Login With Facebook' feature.

Some common OAuth 2.0 providers are Google, Facebook, Okta and GitHub.

What is SAML 2.0 login mechanism?

 

The SAML 2.0 login mechanism gives an application the capability to have users log in by using their existing account at a SAML 2.0 identity provider.

Some common SAML 2.0 providers are Okta and ADFS.
