Skip to content
/ Spring-Security-Tasks-Solution Public

Master Spring Security by practice. spring security tasks and solutions. you can find tasks description at the README file. freely use, modify, and distribute the code.

License

BSD-2-Clause license
6 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tawfik-s/Spring-Security-Tasks-Solution

BranchesTags

Repository files navigation

Spring Security Tasks Solution

Test and enhance your Spring Security expertise with this comprehensive quiz!
Each task challenges you to configure Spring Security for a specific use case, providing a hands-on approach to mastering real-world scenarios.

Spring Security Architecture diagram

SpringSecurityArchitectureDiagram.svg

🌟 Features

  • 📚 Practical tasks for mastering Spring Security.
  • 🛠️ Real-world use cases to boost your confidence.
  • 💡 Opportunity to experiment with different configurations.

📝 Tasks Overview

🔒 Task 1: Basic Authentication

Configure a Spring Boot application with Spring Security to:

  • Require username and password authentication for all endpoints.
  • Use in-memory user details with roles USER and ADMIN.

🛡️ Task 2: Role-Based Access Control

Implement role-based access control:

  • USER can access /user/**.
  • ADMIN can access /admin/** and /user/**.
  • Restrict /admin/** to only ADMIN users.

✨ Task 3: Custom Login Page

  • Create a custom login page to replace the default form-based login.
  • Redirect users to different pages after login based on their roles.

🔑 Task 4: Password Encoding

  • Integrate a password encoder (e.g., BCryptPasswordEncoder) to hash and verify passwords stored in a database.
  • Use a database to manage user details instead of in-memory users.
  • Use Spring Security's SecurityContext to pass user details into a service layer.
  • Create a custom user details service to load user data from a database.

📜 Task 5: JWT Authentication

  • Configure the application to use JWT for authentication.
  • Implement token generation and validation.
  • Secure endpoints using JWT tokens.

    Note: The solution uses the JJWT library, but you can explore other options like Auth0.

🌐 Task 6: OAuth2 Login

  • Set up OAuth2 login with GitHub & Google as an identity provider.
  • Allow users to log in using their GitHub accounts.
  • Allow users to login using their Google sccounts

📋 Task 7: Method-Level Security

  • Enable method-level security annotations.
  • Use @PreAuthorize and @PostAuthorize to secure specific methods in a service.

🔒 Task 8: CSRF Protection

  • Enable CSRF protection in the application.
  • Configure CSRF tokens for form submissions.

📂 Task 9: LDAP Authentication

  • Configure the application to authenticate users against an LDAP server.

🐱‍💻I will Add More Tasks to the Repo Stay Watching the Repo

🛠️ How to Contribute

Feel free to fork the repository, enhance the solutions, or even add new tasks!

📢 Acknowledgments

This project is inspired by the need to bridge the gap between learning concepts and applying them in real-world scenarios. Let's code securely!

Happy Learning! 🎉 And Don't forget to KISS 💋💋 (keep it simple stupid)

About

Master Spring Security by practice. spring security tasks and solutions. you can find tasks description at the README file. freely use, modify, and distribute the code.

Topics

java security oauth jwt oauth2 spring spring-boot tasks spring-security csrf jwt-authentication spring-security-oauth2 oauth2-client google-oauth2 bycrypt preauthorize github-oauth2 method-level-security method-level-authorization

Resources

Readme

License

BSD-2-Clause license
Activity

Stars

6 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages