This project is a pure REST API demo, exposing just a couple of protected endpoints. It is based on Java version 17, and the latest releases of Spring Boot 3.2.1 (announced on DECEMBER 19, 2023) and Spring Security 6.2.1 (announced on DECEMBER 21, 2023). It shows the 4 very basic beans required for the default JDBC-based Authentication for implementing a fundamental custom security configuration class based on the SecurityFilterChain. You can use it as a base repo for further customizations.
A case-study using a Custom implementation of the “weird” UsernamePasswordAuthenticationFilter, as @Component. This is actually the case when an auto-created bean (e.g.: an AuthenticationManager instance in a @Configuration annotated class) is required in a @Component annotated class (e.g.: a custom filter extending the UsernamePasswordAuthenticationFilter filter), and then, the bean of the @Component custom filter class is required in the @Configuration class.
A thorough step-by-step guide on how you can implement a custom filter, based on the “weird” UsernamePasswordAuthenticationFilter, for handling both: Basic Authentication and JWT Bearer token Authorization.
A deeper intro about what is behind the scenes of the Spring authentication/authorization process, integrating also concepts like filters, tokens, customizations for an Authentication Manager or an Authentication Provider, and so on.
Pass from deprecated WebSecurityConfigurerAdapter to the new component-based (bean-based) security configuration, in an easy and understandable way.
This is the 4th in a series of posts which focuses on how we can create and use a CustomAutenticationProvider and use it with a password verification stored procedure.
Here is a quick intro about .antMatchers(), as well as user roles and authorities.
This is the 2nd part (the 2nd case example) of how to implement a custom validation in Spring Boot. In this Post we proceed with the implementation of a “master-details” custom validation example, as we’ve mentioned at the beginning.
In this post, we focus on a common case, when we have to check if a value in a JSON field, passed in the body of a POST request, is one of the values provided in an array we define.