Monday, March 21, 2022
Sunday, December 19, 2021
Spring Security Interview Questions
Q:- What are some essential features of Spring Security?
Q:- Explain Spring Security Architecture using Spring Boot?
Q:- What is Spring security authentication and authorization?
Q:- What is principal in spring security?
Principal is an interface that represents the abstract notion of a principal, which can be used to represent any entity, such as an individual, a corporation, or a login ID.
Put another way, the principal is the currently logged-in user. We can retrieve it through the security context, which is bound to the current thread and, as such, is also bound to the current request and its session.
The Spring Security principal can only be retrieved as an Object and needs to be cast to the correct UserDetails instance:
The principal can be defined directly as a method argument.
    import java.security.Principal;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.ResponseBody;

    @Controller
    @RequestMapping("/user")
    public class UserController {

        @RequestMapping(value = "/username", method = RequestMethod.GET)
        @ResponseBody
        public String getUserName(Principal principal) {
            return principal.getName();
        }
    }
Alternatively, we can also use the authentication token:
    import org.springframework.security.core.Authentication;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.ResponseBody;

    @Controller
    @RequestMapping("/user")
    public class UserController {

        @RequestMapping(value = "/username", method = RequestMethod.GET)
        @ResponseBody
        public String getUserName(Authentication authentication) {
            return authentication.getName();
        }
    }
Q:- Explain SecurityContextHolder, SecurityContext and Authentication Objects?
- SecurityContextHolder
- SecurityContext
- Authentication Objects
Q:- Explain AuthenticationManager, ProviderManager and AuthenticationProviders?
    public interface AuthenticationManager {
        Authentication authenticate(Authentication authentication) throws AuthenticationException;
    }

ProviderManager: ProviderManager is the default implementation of AuthenticationManager. It delegates the authentication process to a list of AuthenticationProvider objects.

    public class ProviderManager
            extends Object
            implements AuthenticationManager, MessageSourceAware, InitializingBean

AuthenticationProvider:

    public interface AuthenticationProvider {
        Authentication authenticate(Authentication authentication)
                throws AuthenticationException;
        boolean supports(Class<?> authentication);
    }

    public class AuthenticationManagerBuilder
            extends AbstractConfiguredSecurityBuilder<AuthenticationManager,AuthenticationManagerBuilder>
            implements ProviderManagerBuilder<AuthenticationManagerBuilder>
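The delegation described above, as an added example that is not part of the original post: a ProviderManager hands a token to the one provider whose supports() accepts it and rejects a token type that no provider supports. The class names ProviderManagerDemo and DemoAccountProvider, the account "demo-user" and its password are constructed for illustration; it assumes spring-security-core and spring-security-crypto 5.3 or later on the classpath.

```java
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class ProviderManagerDemo {

    // Hypothetical provider for this example: one constructed in-memory account.
    static class DemoAccountProvider implements AuthenticationProvider {
        private final PasswordEncoder encoder = new BCryptPasswordEncoder();
        private final String storedHash = encoder.encode("constructed-sample-password");

        @Override
        public Authentication authenticate(Authentication authentication) {
            String presented = String.valueOf(authentication.getCredentials());
            // Always run the hash comparison so unknown user names cost the same time.
            boolean passwordOk = encoder.matches(presented, storedHash);
            if (!passwordOk || !"demo-user".equals(authentication.getName())) {
                // One message for both failure causes, so user names cannot be enumerated.
                throw new BadCredentialsException("Bad credentials");
            }
            // The three-argument constructor builds an authenticated token.
            return new UsernamePasswordAuthenticationToken(
                    authentication.getName(), presented,
                    AuthorityUtils.createAuthorityList("ROLE_USER"));
        }

        @Override
        public boolean supports(Class<?> authentication) {
            // ProviderManager skips this provider for any other token type.
            return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
        }
    }

    public static void main(String[] args) {
        AuthenticationManager manager = new ProviderManager(new DemoAccountProvider());

        Authentication result = manager.authenticate(
                new UsernamePasswordAuthenticationToken("demo-user", "constructed-sample-password"));
        // ProviderManager erases credentials from the returned token by default.
        System.out.println(result.isAuthenticated() + " " + result.getAuthorities()
                + " credentialsErased=" + (result.getCredentials() == null));

        try {
            // No registered provider supports this token type.
            manager.authenticate(new TestingAuthenticationToken("demo-user", "x"));
        } catch (ProviderNotFoundException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```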
Q:-What is OAuth2 Authorization code grant type? How to implement it using Spring Boot Security?
Q:-Using Spring Boot Security how to refresh expired JSON Web Token?
Q:-What is JWT ? How to implement it using Spring Boot Security
Q:-What is OAuth2 Client Credentials Grant? How to implement it using Spring Boot Security
Q:-What is OAuth2 Password Grant? How to implement it using Spring Boot Security?
Q:- What do you mean by basic authentication?
Q:- What do you mean by digest authentication?
Q:-What do you mean by session management in Spring Security?
- SessionManagementFilter
- SessionAuthenticationStrategy
With these two, Spring Security can manage the following security session options:
- Session timeouts (amount of time a user can remain inactive on a website before the site ends the session.)
- Concurrent sessions (the number of sessions that an authenticated user can have open at once).
- Session-fixation (an attack that permits an attacker to hijack a valid user session).
Q:- Explain SecurityContext and SecurityContext Holder in Spring security.
Q:- Explain spring security OAuth2.
In OAuth2, there are four roles, as shown below:
- Resource Owner/User:
- Client:
- Authorization Server:
- Resource Server:
Q:- What do you mean by OAuth2 Authorization code grant type?
Q:- What is method security and why do we need it?
Q:- What do you mean by HASHING in spring security?
Q:- Explain salting and its usage.
Q:- What is PasswordEncoder?
Q:- Explain AbstractSecurityInterceptor in spring security?
- FilterSecurityInterceptor:
- MethodSecurityInterceptor:
Q:- Is security a cross-cutting concern?
Answer: Yes
- Logging and tracing
- Transaction management
- Security
- Caching
- Error handling
- Performance monitoring
- Custom Business Rules
Q:- What is SpEL (Spring Expression Language)?
Q:- Name security annotations that are allowed to use SpEL.
Some security annotations that are allowed to use SpEL include:
- @PreAuthorize
- @PreFilter
- @PostAuthorize
- @PostFilter
Q:- Explain what is AuthenticationManager in Spring security.
Q:- Explain what is ProviderManager in Spring security.
Q:- What is JWT?
Q:- What is Spring Security Filter Chain?
Q:- Explain how the security filter chain works.
Q:- Name some predefined filters used in spring security and write their functions.
- SecurityContextPersistenceFilter:
- ConcurrentSessionFilter:
- UsernamePasswordAuthenticationFilter:
- ExceptionTranslationFilter:
- FilterSecurityInterceptor:
Q:- What do you mean by principal in Spring security?
Q:- Can you explain what is DelegatingFilterProxy in spring security?
Q:- Can you explain what is FilterChainProxy in spring security?
Q:- What is the intercept-url pattern and why do we need it?
Q:- Does order matter in the intercept-url pattern? If yes, then in which order should we write it?
Q:- State the difference between ROLE_USER and ROLE_ANONYMOUS in a spring intercept-url configuration.
- ROLE_USER:
- ROLE_ANONYMOUS:
Q:- State the difference between @PreAuthorize and @Secured in Spring security.
Q:- State the difference between @Secured and @RolesAllowed.
Q:-How to configure Spring Security using Spring Boot?
Q:-How to create Custom Login Page using Spring Boot Security?
Q:-How to do authentication against database tables using Spring Boot Security?
Q:-How to configure Spring Security with in-memory configuration?
Q:-What is the use of Spring Boot Security AuthenticationHandler class?
Q:-How to configure DelegatingFilterProxy?
Q:-How to configure Spring Security using Spring MVC
Monday, August 5, 2019
Integrate H2 Database In Spring Boot
Q- What is the H2 database?
- H2 is one of the most popular in-memory databases written in Java.
- It is an open-source, lightweight (around 1 MB only) and very fast in-memory database.
- It supports a web console, like other databases.
- It supports standard SQL and the JDBC API.
Spring Boot provides excellent integration support for H2 using simple properties configuration.
Q- What is the use of h2 database? Or Why in memory(H2) database? Or How does h2 database work?
H2 is an open-source lightweight Java database. It can be embedded with Java applications or run in the client-server mode.
Mainly, the H2 database can be configured to run as an in-memory database, which means that data will not persist on the disk.
It is very useful in testing, when we don't want to make any changes to the real database, or when we are doing a POC (proof of concept) before starting a project or working on a prototype and don't want to set up an actual database.
Q- What is H2 Console?
H2 provides support for viewing your database in a web browser. In other words, the H2 console helps to access the database from a browser.
Q- How do I download H2 Database in spring boot application?
You don't need to download and set it up. You just need to add the dependency for the H2 database in pom.xml. Spring will auto-configure it.
Q- How do I restore my h2 database?
Once you restart your application, it will restart automatically, because the database is created when the application starts and is destroyed when the application stops or shuts down.
Q- How does h2 Database connect to spring boot application?
Go to https://start.spring.io/ to generate a Spring Boot project with the following:
Choose Group like com.javaiq.springboot.example
Choose Artifact like spring-boot-h2-database-jpa-hibernate
Choose following dependencies
- Web
- JPA
- H2
- DevTools
Go to : File -> Import -> Existing Maven Project.
Note:- You will see the dependency below in your pom.xml

    <dependency>
        <groupId>com.h2database</groupId>
        <artifactId>h2</artifactId>
        <scope>runtime</scope>
    </dependency>
H2 provides a web interface called H2 Console to check your data. To enable the H2 console, add the following to application.properties.

/src/main/resources/application.properties

    # H2
    spring.h2.console.enabled=true
    spring.h2.console.path=/h2

Add the datasource to application.properties:

    # Datasource details
    spring.datasource.url=jdbc:h2:mem:testdb
    spring.datasource.driverClassName=org.h2.Driver
    spring.datasource.username=sa
    spring.datasource.password=
    spring.jpa.database-platform=org.hibernate.dialect.H2Dialect

http://localhost:8080/h2-console
Or
http://localhost:8080/h2/
How to use H2 in unit testing:
First, add the dependency for your database driver (for example, if you are using a MySQL database), then make the dependency for H2 test-scoped.

    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
    </dependency>
    <dependency>
        <groupId>com.h2database</groupId>
        <artifactId>h2</artifactId>
        <scope>test</scope>
    </dependency>
Wednesday, April 24, 2019
Spring Interview Questions
Q- What are the advantages of the Spring Framework? Or what are the features of the Spring Framework?
The following are the major features of the Spring Framework:
- Lightweight: Spring is lightweight in size and transparency.
- Inversion of control (IOC): Control is given to the container to create objects, instead of creating objects with the new keyword and looking up dependent objects. This is called Inversion of Control.
- Dependency Injection (DI): This feature of the Spring Framework allows us to build loosely coupled applications. It means injecting the dependency into the object.
- Aspect oriented Programming (AOP): Aspect oriented programming (AOP) is an approach to programming that allows global properties of a program to determine how it is compiled into an executable program. Aspect oriented programming in Spring supports cohesive development by separating application business logic from system services. In AOP, aspects enable the modularization of concerns such as transaction management, logging or security that cut across multiple types and objects (known as crosscutting concerns).
- Container: The Spring IoC container is the core of the Spring Framework. The container will create the objects, wire them together, configure them, and manage their complete life cycle from creation till destruction. Types of Spring containers: BeanFactory, ApplicationContext and WebApplicationContext.
- MVC Framework: MVC is a Spring module used to build web applications. The MVC framework is highly configurable. It uses DispatcherServlet as a front controller.
- Transaction Management: The Spring Framework provides a generic abstraction layer for transaction management.
- JDBC Exception Handling: The JDBC abstraction layer of the Spring Framework offers an exception hierarchy, which helps to simplify the error handling strategy.
- Integration With Other Frameworks: It is easy to work with other frameworks, for example IBATIS, Hibernate, Toplink, etc.
Spring is a framework used to connect different components together to build an application or web application. The Spring Framework is an open-source framework and inversion of control container for the Java platform.
The Spring Framework has many modules, such as core, beans, context, expression language, AOP, Aspects, Instrumentation, JDBC, ORM, OXM, JMS, Transaction, Web, Servlet, Struts, etc.
MVC (Model-View-Controller) is a Spring module. It implements the DispatcherServlet, which works as the front controller.
Q- What is the spring bean lifecycle in java?
Answer : Spring Bean Lifecycle
Q- What are the different types of spring containers?
There are three types of containers in Spring.
- BeanFactory Container: This is the base container. It is the parent of ApplicationContext.
- ApplicationContext Container: Used to build non-web applications. The ApplicationContext interface is built on top of the BeanFactory interface. It has more functionality than BeanFactory.
- WebApplicationContext Container: Used to create web applications. WebApplicationContext has a javax.servlet.ServletContext, so it is able to communicate with the container.
Q- BeanFactory Vs ApplicationContext Vs WebApplicationContext?
Q- Difference between ContextConfigLocation and ContextLoaderListener?
Q- What is the difference between DispatcherServlet and ContextLoaderListener in spring?
Q- Can we have multiple ApplicationContext in spring?
Q- Can we have more than one configuration file in Spring MVC?
Q- Can you have two bean ids in spring?
Q- Can we have two beans with same name in spring?
Q- What is difference between ID and name in spring?
Q- Can we have multiple dispatcher servlet in Spring MVC?
Q- What is root context in Spring MVC?
Q- Why spring bean scope is singleton by default?
Q- Is Singleton bean thread safe?
Q- What is the scope of stateless bean in spring?
Q- Are spring Services thread safe?
Q- How bean is created in spring?
Q- What should you know in spring?
- IoC Containers
- IoC vs. DI
- Bean Scopes
- Bean Life Cycle
- Bean Postprocessors
- Autowiring
- Autowire: autodetect, byName, byType, constructor
- ResourceLoader
- Final Static Beans
- Static Factory
- FactoryBean
- @Configuration
- @Required
- @Scheduled
- Timer Task
- JavaMailSenderImpl
- Version-less Schema
- Pub Sub
- Best Practices
- ResourceBundleMessageSource
- CustomEditorConfigurer
- @Component, @Repository, @Service and @Controller
- Spring AOP
- Spring Boot Interview Questions
- Spring Framework Annotations
- Spring Boot Microservices Architecture
- Spring Boot Security Using OAuth 2
- Spring Boot Security Using JWT
- Spring boot interview questions part-1
- Spring Boot Interview Questions Part-2
- Spring Boot Interview Questions Part-3
- Spring Boot Interview Questions Part-4
- Spring Boot Interview Questions Part-5
- JUnit Testing REST Services and Spring MVC
Wednesday, April 3, 2019
Spring Interview Questions
Answer :- The following design patterns are used in the Spring Framework:
- Dependency injection/ or IoC (inversion of control) :-
- Factory design pattern :-
- Proxy design pattern :- Used in spring AOP.
- Singleton design pattern :-
- Model View Controller design pattern :-
- Front Controller design pattern :-
- View Helper design pattern :-
- Template method design pattern :-