spring-security
This repository contains examples on how to implement different functionalities with the Spring Security framework.
Spring Security 4.x
Spring version: 4.3.14.RELEASE
Spring Security version: 4.2.4.RELEASE
Java version: 1.8
-
Basic in-memory: The most basic example of a secured application. Users are defined in-memory in the security configuration. Secured paths are 'home' and 'admin' which are available depending on the user role.
Links to source code: Spring Boot | JavaConfig | XML
-
Basic JDBC: Modified version of basic-inmemory where users are stored in an in-memory database (H2).
Links to source code: Spring Boot | JavaConfig
-
Basic JDBC with H2: The previous basic-jdbc example configuring a H2 servlet to enable connecting to the in-memory database.
Links to source code: JavaConfig
-
BCrypt password encoder: The previous basic-jdbc example configuring a password encoder that uses BCrypt hashing function in order to encode user credentials before persisting them.
Links to source code: Spring Boot | JavaConfig | XML
-
Remember-me token: Configures a remember me using a token approach, which sets a cookie in the browser.
Links to source code: Spring Boot | JavaConfig
-
Remember-me persistent: Configures a persistent remember me. THis is a more secure version which relies on a database
Links to source code: Spring Boot | JavaConfig
-
JDBC full sample: Complete example covering the basic features of a secured application, described below:
- user details backed up by an in-memory database (H2)
- custom login page
- encrypted credentials with BCrypt
- CSRF protection
- logout feature
- remember-me feature
Links to source code: Spring Boot | JavaConfig | XML
-
JDBC full sample with Thymeleaf: The above example but using Thymeleaf instead of JSPs.
Links to source code: Spring Boot
-
Method security: Securing web and service layers
Links to source code: Spring Boot | JavaConfig
-
Retrieving user details: Shows different ways of retrieving user details in the controller layer
Links to source code: Spring Boot
Spring Security 3.x
Spring version: 3.2.10.RELEASE
Spring Security version: 3.2.10.RELEASE
Java version: 1.7
-
Basic in-memory: The most basic example of a secured application. Users are defined in-memory in the security configuration. Secured paths are 'home' and 'admin' which are available depending on the user role.
Links to source code: XML
-
Basic JDBC: Modified version of basic-inmemory where users are stored in an in-memory database (H2).
Links to source code: XML
-
Basic JDBC with H2: The previous basic-jdbc example configuring a H2 servlet to enable connecting to the in-memory database.
Links to source code: XML
-
Default password encoder: Basic-jdbc example configuring a standard password encoder that uses SHA-256 hashing.
Links to source code: XML
-
BCrypt password encoder: The previous basic-jdbc example configuring a password encoder that uses BCrypt hashing function in order to encode user credentials before persisting them.
Links to source code: XML
-
Remember-me token: Configures a remember me using a token approach, which sets a cookie in the browser.
Links to source code: XML
-
Remember-me persistent: Configures a persistent remember me. THis is a more secure version which relies on a database
Links to source code: XML
-
JDBC full sample: Complete example covering the basic features of a secured application, described below:
- user details backed up by an in-memory database (H2)
- custom login page
- encrypted credentials with BCrypt
- CSRF protection
- logout feature
- remember-me feature
Links to source code: XML