This article explains how Spring Security’s HttpSecurity class maintains the order of its built‑in filters using FilterOrderRegistration, demonstrates the registration and retrieval logic with code examples, and clarifies how duplicate orders are resolved during filter sorting.
This article explains the core roles of HttpSecurity and WebSecurity in Spring Security, how they build and manage SecurityFilterChain objects, the purpose of FilterChainProxy, and why WebSecurity serves as the framework’s external entry point while HttpSecurity defines internal security policies.
This guide explains how to create a custom Spring Security filter, extend GenericFilterBean, and precisely position it within the default filter chain using HttpSecurity’s addFilterBefore, addFilterAfter, or addFilterAt methods, complete with code examples and configuration steps.
This tutorial walks you through setting up a Spring Boot project with Spring Security, explains the @EnableWebSecurity annotation, shows how to extend WebSecurityConfigurerAdapter, demonstrates overriding configure(AuthenticationManagerBuilder) and configure(HttpSecurity) methods with concrete code examples, and provides a concise reference table of common HttpSecurity methods.
This article breaks down Spring Security’s three core Java configuration components—@EnableWebSecurity, WebSecurityConfiguration, and AuthenticationConfiguration—explaining how they replace XML setup, register the security filter chain, build the AuthenticationManager, and enable fine‑grained HttpSecurity rules such as path protection, form login, logout, CSRF, and security headers.
