
SpringBoot Security - Part1

The document outlines various types of attacks such as CSRF, CORS, SQL Injection, and XSS, emphasizing the need for proper authentication and authorization to protect resources. It introduces Spring Boot Security and discusses its architecture, including the Security Filter Chain. Additionally, it mentions dependencies required for Spring Boot projects and provides an overview of different authentication and authorization mechanisms.

Uploaded by

yuvraj
There are various types of attacks:

- CSRF (Cross-Site Request Forgery)
- CORS (Cross-Origin Resource Sharing)
- SQL Injection
- XSS (Cross-Site Scripting)

And we need to protect our resources from these attacks, and for that we need proper:

- Authentication: Verify who you are
- Authorization: Checks what you are allowed to do

That's where Spring Boot Security comes into the picture.

Architecture of Spring Boot Security

In video no #28, we have already seen what filters are and where exactly they fit.

Now, let's enhance it for understanding Spring Security.

[Figure: Spring Security architecture diagram; recoverable labels: Security Filter Chain, SecurityContext, Authentication Provider]

If a Spring Boot project is already present, add the below dependencies:

[Image: dependency snippet]

If setting up a new Spring Boot project: go to Spring Initializr, i.e. "start.spring.io".

And if we want to persist the session in a relational DB, then we need to add the below dependency in pom.xml:

[Image: dependency snippet]

Now, let's understand the end-to-end flow with an example for each individual Authentication and Authorization mechanism:

1. Form Login (Stateful)
2. Basic Authentication (Stateless)
3. JWT (Stateless)
4. OAuth2
   i. Authorization Code (Stateful or Stateless)
   ii. Client Credentials (Stateless)
   iii. Password Grant (Stateless)
5. API Key Authentication (Stateless)
etc.
