Spring Security

Uploaded by

Abs Wps
SPRING SECURITY

Spring Security is a powerful and customizable authentication and access-control framework.
Features:
1. Authentication
2. Authorization
3. Protection against attacks such as CSRF (Cross-Site Request Forgery)
4. Session Management: Session Timeouts
5. Password Encoding: BCrypt
AUTHENTICATION: Verify the identity of users trying to access applications.
AUTHORIZATION: Control access to resources based on user roles and
permissions.
STATEFUL:
1. Server maintains the state of the client across multiple requests.
2. Session Management
3. Apps rely only on server side session objects to manage sessions
4. Traditional Apps used this
5. Easy to manage complex interactions as state is maintained.
6. Scalability issues, load balancing required.
STATELESS:
1. Server does not maintain state between requests. Request from client
contains all info.
2. No Session Management
3. REST APIs use this as they don’t need sessions
4. Apps authenticate user each time a request is sent
5. Scalable
6. Request must contain all info, increased payload.

STATEFUL SECURITY: Involves session-based authentication and server-side storage of user details.
STATELESS SECURITY: A token carries all necessary user information, and the server verifies it without maintaining session data.

CORS: Cross-Origin Resource Sharing. Client side.
CSRF: Cross-Site Request Forgery. Server side.
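The stateful and stateless models above, side by side in one Spring Security configuration. This is an added example, not part of the original notes; it uses the SecurityFilterChain bean style of Spring Security 6. The class name, the URL patterns and the ADMIN role are assumptions made for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {            // hypothetical class name

    // STATELESS: no HttpSession is created or read for /api/**, so each
    // request must carry its own credentials (HTTP Basic here).
    @Bean
    @Order(1)
    SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
        http.securityMatcher("/api/**")  // assumed URL layout
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/api/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated())
            .sessionManagement(sm -> sm
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // Assumes non-browser clients only; keep CSRF on if browsers call this API.
            .csrf(csrf -> csrf.disable())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }

    // STATEFUL: form login stores the user in a server-side session; CSRF stays enabled (default).
    @Bean
    @Order(2)
    SecurityFilterChain webChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .sessionManagement(sm -> sm
                .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED))
            .formLogin(Customizer.withDefaults());
        return http.build();
    }

    // BCrypt hashing for stored passwords, as listed under Features.
    @Bean
    PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }
}
```

The lower @Order value is matched first, so requests under /api/** never reach the session-based chain.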

Spring Security
1. Overview
   - Authentication vs. Authorization
   - Spring Security architecture
2. Security Configurations
   - WebSecurityConfigurerAdapter and configuring security
   - Method security (@PreAuthorize, @Secured)
   - CSRF protection and CORS configuration
3. Authentication Mechanisms
   - In-memory, JDBC, and custom authentication providers
   - Password encoding and hashing (BCrypt)
   - JWT authentication and stateless sessions
4. Access Control
   - Role-based access control (RBAC)
   - Securing URLs and resources
5. Stateful vs stateless security
6. LDAP: Lightweight Directory Access Protocol
7. Encoding vs encryption
8. Why Spring Security
