Question: What is Spring Security in Java?
- Spring Security is an access-control framework.
- Spring Security is a framework that focuses on security, restricting unauthorized users in Java applications.
- It enables a programmer to apply security restrictions to Spring Framework based Java applications or web applications through JEE components.
- Its primary area of operation is handling authentication and authorization at the web request level as well as the method level.
- It is a powerful framework that provides a high level of security to Java applications.
- Authentication and authorization configuration is easy to customize for a Java application.
- It is the de facto standard for securing Spring-based applications.
- Spring Security protects against attacks such as cross-site request forgery, session fixation, clickjacking, etc.
HTTP Basic Authentication Architecture diagram
Security Using JWT Token
The Spring 4 Framework has the following modules, as mentioned below.
- Spring Security
- Spring Security SAML
- Spring Security OAuth
- Spring Security Kerberos
- Spring Cloud Security
Answer:- The security context is the user account (the currently authenticated user) that the system uses to enforce security when a thread attempts to access a securable object. This data includes the user security identifier (SID), group memberships, and privileges. A user establishes a security context by presenting credentials for authentication.
That means the SecurityContext is used to store the details of the currently authenticated user, also known as the principal.
Question: What is SecurityContextHolder in Spring?
Answer:- The SecurityContextHolder is a helper class that provides access to the security context. By default, it uses a ThreadLocal object to store the SecurityContext.
Question: SecurityContext vs SecurityContextHolder?
Answer:- The SecurityContext is used to store the details of the currently authenticated user, also known as the principal. So, if we need to get the username or any other user details, then we need to get this SecurityContext first. The SecurityContextHolder is a helper class that provides access to the security context.
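import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

// Declare username outside the branches so it is still in scope after the if/else.
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
String username;
if (principal instanceof UserDetails) {
    username = ((UserDetails) principal).getUsername();
} else {
    username = principal.toString();
}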
getContext() returns an instance of the SecurityContext interface, which is stored in thread-local storage.
getPrincipal() returns the principal; in Spring Security this is typically a UserDetails object, which contains all the details of the currently logged-in user.
Question: Is SecurityContextHolder thread safe?
Answer:- Yes, it's thread safe with the default strategy (MODE_THREADLOCAL).
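The following is an added example, not code from the original page, showing what the default MODE_THREADLOCAL strategy means in practice: the SecurityContext belongs to the thread that set it, so a newly started thread sees no authentication unless the context is passed on explicitly, here with Spring Security's DelegatingSecurityContextRunnable. It assumes spring-security-core is on the classpath; the class name SecurityContextThreadDemo, its helper methods and the user "alice" are constructed for illustration.

```java
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.concurrent.DelegatingSecurityContextRunnable;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

public class SecurityContextThreadDemo {

    // Name of the principal bound to the calling thread, or "<none>" if there is none.
    static String currentUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return auth == null ? "<none>" : auth.getName();
    }

    // Starts a new thread and returns the principal name that thread observed.
    static String seenOnNewThread(boolean propagate) throws InterruptedException {
        String[] seen = new String[1];
        Runnable task = () -> seen[0] = currentUser();
        if (propagate) {
            // Captures the caller's SecurityContext at construction time, installs it
            // around run(), and clears it from the worker thread afterwards.
            task = new DelegatingSecurityContextRunnable(task);
        }
        Thread worker = new Thread(task);
        worker.start();
        worker.join();
        return seen[0];
    }

    public static void main(String[] args) throws InterruptedException {
        // Constructed sample user standing in for a real login.
        SecurityContext ctx = SecurityContextHolder.createEmptyContext();
        ctx.setAuthentication(new UsernamePasswordAuthenticationToken(
                "alice", "n/a", AuthorityUtils.createAuthorityList("ROLE_USER")));
        SecurityContextHolder.setContext(ctx);
        try {
            System.out.println("calling thread:     " + currentUser());
            System.out.println("plain new thread:   " + seenOnNewThread(false));
            System.out.println("wrapped new thread: " + seenOnNewThread(true));
        } finally {
            // Pooled threads are reused, so always clear the context when done;
            // otherwise the next task on this thread would inherit this user.
            SecurityContextHolder.clearContext();
        }
    }
}
```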
Good initiative Sanjeev, keep it up.