The article argues that Java teams moving AI into production must shift focus from model strength to robust OAuth2 authentication, fine‑grained permission boundaries, and security modeling, as these factors now determine whether AI capabilities can be safely integrated into enterprise systems.
This article walks through creating a complete login authentication system—including registration, login, token refresh, and permission control—by replacing Spring Security's default session handling with JWT, configuring backend filters and utilities, and integrating a Vue 3 + Pinia front‑end with automatic token renewal.
This guide explains how to add MFA to a Spring Boot 3 application using password plus one‑time token authentication, covering the theory of MFA factors, required dependencies, API definitions, security configuration, token‑generation handling, custom login pages, and the complete verification flow with code snippets and screenshots.
This article compares three popular Java security frameworks—Spring Security, Apache Shiro, and Sa‑Token—by examining their architecture, advantages, drawbacks, typical use cases, and providing a detailed side‑by‑side comparison to help developers make an informed framework selection.
Spring Authorization Server has been integrated into Spring Security 7.0, ending its independent lifecycle; the article explains the three historical eras, the reasons for the merge, and provides concrete dependency and configuration changes—including Lambda DSL updates—to help developers migrate from SpringBoot3 to SpringBoot4 with minimal effort.
This article compares three popular Java security frameworks—Spring Security, Apache Shiro, and Sa-Token—by examining their architectures, code examples, advantages, drawbacks, and ideal use‑cases, helping developers decide which solution best fits their project's requirements.
This tutorial walks you through creating a scalable, stateless authentication and authorization solution for Spring Boot 3.x applications using JWT, covering project setup, token generation, method‑level security, automatic token renewal, blacklist handling, and common troubleshooting tips.
This step‑by‑step guide shows how to integrate Spring Security into a Spring Boot project, configure Maven dependencies, define User, Role and Permission entities, set up MyBatis mappers, implement JWT generation and validation, and build the service, controller, and configuration layers for a complete authentication system.
This article explains why authentication loops occur when external user tokens and internal service tokens are handled together in Spring Security, and provides a step‑by‑step solution using distinct headers, custom filters, and Feign interceptors to break the cycle.
This guide explains the major changes when moving from Spring Boot 2.x to 3.x, covering JDK requirements, full Jakarta EE package renaming, third‑party library compatibility, Spring Security redesign, configuration adjustments, testing updates, new features, and step‑by‑step migration recommendations.
This tutorial walks you through adding Spring Security to a Spring Boot project, from adding the starter dependency and creating a simple controller to observing the default login page, understanding the auto‑generated password mechanism, and customizing usernames and passwords for production use.
This article explains how a comprehensive, full‑stack security approach using Spring Security—covering request sanitization, parameterized queries, and built‑in authentication, authorization, CSRF and session safeguards—can dramatically reduce XSS and SQL injection vulnerabilities to near zero.
This article walks through the fundamentals of role‑based access control (RBAC), explains RBAC model variants, demonstrates how to configure Spring Security with in‑memory, database, and JWT authentication, and shows JSON‑based login and password encryption techniques for secure backend development.
This article explains the various interception mechanisms in Spring Boot 3—including Filters, Spring Security filters, MVC Interceptors, AOP, ControllerAdvice, Request/ResponseBodyAdvice, and REST Clients—provides execution flow diagrams, detailed code examples, and practical usage tips for building robust backend applications.
This article demonstrates how to integrate Spring Security into a Spring Boot application, configure JWT‑based authentication, implement custom AES encryption, define user and role entities, set up service and controller layers, and configure security, filter, and CORS settings to achieve secure login and permission management.
This article explains why both front‑end and back‑end data validation are essential for secure and user‑friendly web applications, introduces Java Bean Validation annotations, shows how to integrate them with Spring MVC, and compares common Java permission‑control frameworks such as Spring Security, Shiro and Sa‑Token.
This guide explains how to integrate Redis with Spring Security and OAuth2 to create a distributed, stateless authentication system that supports multiple client types, details request encryption, token generation, persistence, and the complete server‑side login flow.
This guide explains Spring Security 6.4’s one-time token login feature, covering its concept, authentication flow, core components, and step‑by‑step implementation with code samples, enabling developers to add secure magic‑link authentication to Spring Boot applications.
This article announces a Spring Boot 3 case collection with 90 permanent examples, then walks through extending Spring Security login to include domain verification by defining a User entity, repository, custom filter, security configuration, Thymeleaf login page, controller, and test endpoint, complete with code snippets and screenshots.
Spring Security 7.0 drops the traditional chain‑style configuration in favor of a new Lambda DSL, offering clearer hierarchy, type safety, and IDE support; the article explains the breaking change, compares old and new syntax, provides migration examples, and shares tips for custom DSLs and WebFlux security.
This article explains the concepts and models of Role‑Based Access Control (RBAC), demonstrates how to configure RBAC permissions in Spring Security, and provides step‑by‑step Java code for integrating JWT authentication, password encryption, and custom login filters for secure backend development.
This article explains how to implement One-Time Token (OTT) authentication in Spring Boot 3.4 using Spring Security, covering environment setup, required dependencies, security configuration, token generation handlers, custom storage options, custom login pages, and testing procedures with complete code examples.
This comprehensive tutorial explains RBAC concepts and models, demonstrates basic Spring Security setup, shows how to integrate JWT for stateless authentication, covers JSON‑based login, password encryption with BCrypt, and database‑backed authentication, providing full code examples for each step.
This article explains the concepts of role‑based access control (RBAC), compares RBAC models, shows how to configure permissions and user groups, and provides step‑by‑step code examples for integrating Spring Security with JWT, JSON login, password encryption and database authentication in Java backend applications.
This guide walks you through why Java remains vital, explains what Spring Boot is, outlines its core features, and provides a detailed learning roadmap covering Java fundamentals, Spring core concepts, web development, AOP, microservices, databases, security, DevOps tools, and deployment strategies for building robust enterprise applications.
This tutorial walks through RBAC fundamentals, model classifications (RBAC0‑3), permission and user‑group concepts, then demonstrates practical Spring Security setups including in‑memory authentication, JWT integration, JSON‑based login, password encryption with BCrypt, and database‑backed authentication, providing complete code examples.
This article provides an in‑depth analysis of Spring Security 6.x architecture, explaining its filter‑chain design, authentication and authorization mechanisms, key components such as DelegatingFilterProxy, FilterChainProxy, SecurityFilterChain, and offers code examples and practical guidance for developers.
This article explains the concepts and models of Role‑Based Access Control (RBAC), demonstrates how to configure Spring Security for in‑memory and JWT‑based authentication, and provides complete Java code examples for permissions, user groups, password encryption, and custom login filters.
This article provides a comprehensive analysis of Spring Security 6's architecture, explaining how the framework uses a chain of servlet Filters, the DelegatingFilterProxy, and the SecurityFilterChain to implement authentication, authorization, and protection against common attacks, while also offering practical debugging tips and configuration guidance.
This article explains the new authorization features of Spring Boot 3.3 and Spring Security 6.3, including dynamic annotation parameters, return‑object protection for data security, and custom 403 error handling with code examples and practical guidance.
This tutorial walks through enabling Spring Security method-level protection in a Spring Boot 2.7.16 project, covering @EnableGlobalMethodSecurity, role and authority checks, custom PermissionEvaluator, parameter access, custom annotations, and bean‑based permission rules with practical code examples.
This article explains the core architecture of Spring Security 6.x, detailing how a chain of servlet Filters implements authentication and authorization, the role of DelegatingFilterProxy, SecurityFilterChain, and the extensible components such as AuthenticationManager, UserDetailsService, and PasswordEncoder.
This article provides a comprehensive analysis of Spring Security 6.1, covering its core architecture, the role of FilterChainProxy, detailed authentication and authorization flows, key interfaces such as SecurityFilterChain, AuthenticationManager, and practical code examples to help developers understand and debug the framework.
This article demonstrates how to secure a Spring Boot 2.7.7 application using JWT, Spring Security, and a custom SM4‑based PasswordEncoder, covering dependency setup, security configuration, custom authentication components, token validation filter, and a login endpoint implementation.
This article explains the fundamentals of Role‑Based Access Control (RBAC), its model classifications, permission concepts, and user‑group usage, then demonstrates how to implement RBAC in a Spring Security application, including in‑memory authentication, JWT integration, JSON login, and password encryption techniques.
This comprehensive guide walks you through the concepts of Single Sign-On, the mechanics of JWT, RSA asymmetric encryption, and step‑by‑step integration of Spring Security with JWT, providing full Maven project setup, configuration files, utility classes, custom filters, and testing instructions for a robust distributed authentication system.
This article explains the fundamentals of role‑based access control (RBAC), its model variants, and user‑group usage, then demonstrates how to configure Spring Security with in‑memory authentication, integrate JWT for stateless token‑based authentication, customize JSON login, and securely encrypt passwords using BCrypt.
This article walks through Spring Security fundamentals, covering authentication mechanisms, authorization configuration, dependency setup, custom user details with database integration, and how to replace the default login page with a custom one, all illustrated with code snippets and screenshots.
This article walks through upgrading the open‑source Mall e‑commerce system to Spring Boot 3 and JDK 17, covering dependency version updates, migration from SpringFox to SpringDoc, new Spring Data Elasticsearch usage, revised Spring Security configuration, Docker deployment tips, and essential code changes.
This article demonstrates how to integrate JWT token authentication and role‑based access control (RBAC) into a Spring Boot backend using Spring Security, covering model classification, dependency setup, user details implementation, token utilities, filters, configuration, and login handling with code examples.
This tutorial explains RBAC concepts and model classifications, demonstrates permission and user‑group management, and provides step‑by‑step guidance for implementing Spring Security with in‑memory authentication, JWT integration, JSON login, password encryption, and database authentication using Java code examples.
This article explores how to create and use custom authorization annotations in Spring Security to achieve more flexible, expressive, and maintainable permission checks, covering the basics of Spring Security, advantages of custom annotations, step‑by‑step implementation, and additional use‑case scenarios.
This article explains what CSRF attacks are, how they exploit authenticated browsers through forged requests, outlines the three essential conditions for a successful attack, and presents practical defense measures such as token validation, cookie handling, secondary authentication, and code examples in Java and JSP.
This guide explains why upgrading from Spring Boot 2.x to 3.x is essential, outlines the required JDK 17 migration, Spring Boot version bump, configuration property changes, Jakarta EE transition, and updates to Spring Security, Kafka, RestTemplate, and OpenAPI integration, providing code examples for each step.
This tutorial explains how to secure a Spring Boot REST API using API key authentication, covering the addition of Maven dependencies, creating a custom filter, extending AbstractAuthenticationToken, configuring the security filter chain, and testing the protected endpoint with curl commands.
This guide explains how Spring Security configuration changed after version 5.7, covering the shift from WebSecurityConfigurerAdapter to SecurityFilterChain beans, multiple filter chain setup, in‑memory user definitions, custom authorization decisions, and shared authentication components, with full code examples.
This article walks through the complete process of implementing a custom login authentication in Spring Boot, including custom authentication filters, success/failure handlers, a token stored in Redis, role‑based URL security, and detailed configuration of Spring Security headers and session handling.
This article provides a step‑by‑step guide to implementing custom login authentication in a Spring Boot application, including Redis‑backed session storage, token handling, security headers, and fine‑grained role‑based URL permission checks using custom filters and handlers.
This guide walks developers through upgrading from Spring Boot 2.x to 3.x, covering JDK 17 migration, pom.xml changes, configuration property updates, Jakarta EE transition, security reconfiguration, Kafka template adjustments, and OpenAPI integration, with code examples for each step.
An in‑depth Spring Security guide covering custom configurations, authentication providers, user‑details services, path‑based authorization, role hierarchies, exception handling, custom filters, multiple filter chains, method security, internationalization, and session management, complete with practical code examples for Spring Boot 2.7.
This article explains how to combine Spring AOP and Spring Security in a Spring Boot 2.7.12 application to implement permission verification, covering concepts, required dependencies, custom filters, annotations, aspect logic, global exception handling, test endpoints, JWT token handling, and extensions for SpEL‑based role checks.
This comprehensive guide walks you through setting up Spring Security in a Spring Boot project, configuring password encoding, implementing JWT-based authentication, building custom login and logout endpoints, managing user details with MyBatis Plus, and applying role‑based access control with custom permission handlers, all illustrated with complete code examples.
This article explains the fundamentals of Role‑Based Access Control (RBAC), its model variants, permission concepts, and user‑group usage, then demonstrates practical Spring Security setups ranging from simple in‑memory authentication to JWT integration, JSON‑based login, password encryption, and database‑backed authentication with full code examples.
This article explains the fundamentals of Single Sign‑On (SSO) and OAuth2.0, compares their token‑based authentication mechanisms, details typical implementation flows such as CAS, and clarifies the distinctions among SSO, OAuth2, JWT, Spring Security and Shiro, while also noting related promotional content.
This tutorial explains how to integrate Spring Security with JWT in a Spring Boot application, covering authentication and authorization concepts, filter chain principles, project setup, dependency configuration, security configuration classes, custom token filters, and the complete request‑authentication flow.
This article explains the eight built‑in Spring Security permission annotations, how to enable them with @EnableGlobalMethodSecurity, provides Java code examples for each annotation, and demonstrates their practical use in the Codeape Chronic Disease Cloud Management System for fine‑grained microservice authorization.
When upgrading Spring Boot to patch CVE‑2023‑34034 and CVE‑2023‑34035, applications using Spring Security may encounter a startup error indicating ambiguous pattern detection, which can be resolved by upgrading to patched versions and adjusting requestMatchers to use MvcRequestMatcher or AntPathRequestMatcher as appropriate.
This tutorial explains how to secure REST APIs by implementing API‑key based authentication using Spring Security, covering the necessary Maven dependencies, custom filter creation, token handling, security configuration, controller setup, and testing with curl commands.
This tutorial explains how to secure a Spring Boot REST API using API‑key authentication by adding the necessary Maven dependency, creating a custom filter, extending AbstractAuthenticationToken, configuring Spring Security, implementing a controller, and testing the endpoint with and without the API key.
This article explains how to replace JWT with a Redis‑backed Spring Security OAuth2 solution, detailing token storage, client types (WEB, PDA, PAD, patient app, mini‑program), password‑mode login requests, encryption of credentials, gateway filters, authentication converters, providers, token generation, persistence in Redis, and success handling, all illustrated with code snippets and diagrams.
This tutorial explains how to secure a Spring Boot REST API using API key authentication, covering the addition of Maven dependencies, creating a custom filter, extending authentication tokens, configuring the security filter chain, and testing the protected endpoint with curl.
This article explains how the Codeape chronic disease cloud management system implements role‑based access control (RBAC), detailing the underlying data models, permission types, Spring Security annotations, department/ward permission handling for both web/PAD clients, and the associated Java code snippets.
This article walks through the complete design and implementation of a reusable permission module for a Java e‑commerce backend, covering functional design, database schema, API contracts, and key technical points such as Spring Security, JWT authentication, and Redis‑based performance optimizations.
This tutorial shows how to integrate Keycloak 21.1.1 with Spring Boot 3.1 and Spring Security, covering realm and client setup, token acquisition, Maven dependencies, JWT configuration, a protected test endpoint, and verification of authentication behavior.
This guide explains how to add two‑factor authentication to a Spring Security‑based Java web application using Google Authenticator, Authy, or a custom TOTP module, covering configuration, code implementation, and testing procedures.
This article explains how to add two‑factor authentication to a Spring Security‑based Java web application by integrating Google Authenticator, Authy, or a custom TOTP module, covering required dependencies, service implementations, security configuration, and testing procedures.
This article explains OAuth2 fundamentals, key terminology, and authorization flows, then guides you through setting up database tables, Spring Boot dependencies, resource and authorization server configurations, multiple grant types, token refresh, permission checks, and common pitfalls, providing complete code snippets and diagrams for a practical implementation.
This article provides a comprehensive guide to configuring Spring Security in a Java backend, covering Maven dependencies, global security settings, JWT token parsing, custom authentication providers, user details services, dynamic URL permission metadata, access decision management, and custom handlers for login, logout, and error responses, along with sample application.yml and database schema.
This article demonstrates how to integrate account username and WeChat web‑authorization login into a Spring Security application by configuring custom authentication providers, filters, tokens, and handlers, allowing users to log in without a password while leveraging WeChat OpenID verification.
CVE‑2023‑20860 reveals that using the '**' pattern with Spring Security’s mvcRequestMatcher can cause mismatched routing and a potential security bypass, and the advisory details affected Spring Framework versions, mitigation steps, and how to upgrade via Gradle or Maven.
This article provides a comprehensive analysis of Spring Security's authentication mechanism, detailing the filter chain, core components such as SecurityContextHolder, AuthenticationManager, ProviderManager, and AuthenticationProvider, and illustrating the step‑by‑step flow of username‑password verification with extensive code examples.
This article provides a comprehensive walkthrough of Spring Security’s authentication mechanism, detailing the filter chain, core security components, and the underlying source‑code flow—from UsernamePasswordAuthenticationFilter through AuthenticationManager, ProviderManager, and DaoAuthenticationProvider—illustrated with code examples and diagrams.
This comprehensive guide walks you through Spring Security fundamentals, setting up a Spring Boot project, configuring authentication with JWT and Redis, implementing RBAC permission management, customizing error handling, enabling CORS, and addressing CSRF, providing complete code examples and detailed explanations for secure backend development.
This tutorial walks through building a single sign‑on (SSO) solution using OAuth2, Spring Security, and JWT in a Java Spring Boot backend, covering preparation, Maven dependencies, server and client configurations, custom login pages, token handling, logout strategies, project structure, and a full demo with source code.
This article provides a step‑by‑step guide on building a Single Sign‑On solution using OAuth2, JWT tokens, and Spring Security within a Spring Boot application, covering the underlying concepts, Maven dependencies, configuration files, server setup, client integration, and logout handling.
This tutorial walks through setting up Spring Security with JWT in a Spring Boot project, covering environment configuration, Maven dependencies, custom authentication handlers, permission evaluation, JWT filtering, and testing, providing complete code examples and explanations for building a robust backend authentication system.
This article explains the principles of Single Sign-On (SSO) and OAuth2.0, compares their concepts, outlines typical SSO workflows using CAS, details OAuth2.0 authorization code flow, clarifies terminology differences, and discusses related security frameworks such as Spring Security and Shiro.
This article explains RBAC concepts and model classifications, demonstrates basic Spring Security setup, shows how to configure in‑memory and database authentication, integrates JWT for stateless token‑based access, implements JSON‑based login, and covers password encryption with BCrypt in a Spring Boot backend.
This article provides a detailed tutorial on Spring Security, covering its core concepts, project setup, authentication flow, custom user details service, password encoding, login handling, role-based access control, CSRF protection, and integration with Thymeleaf, complete with code examples.
This article explains the fundamentals of Role‑Based Access Control (RBAC), its model variants, permission concepts, and user‑group usage, then demonstrates practical Spring Security setups including basic configuration, JWT integration, JSON‑based login, password encryption, and database authentication with complete code examples.
This article provides a step‑by‑step guide to building a Spring Boot permission management system using Spring Security, Spring Data JPA, Thymeleaf and Bootstrap, covering database design, entity classes, Maven setup, security configuration, dynamic menu loading, front‑end rendering and testing with full source code examples.
This comprehensive tutorial explains RBAC concepts, model classifications, and permission handling, then walks through implementing Spring Security with in‑memory authentication, JWT integration, custom JSON login filters, password encryption, and database‑backed authentication, providing complete code examples and configuration details.
This article provides a comprehensive tutorial on role‑based access control (RBAC) concepts, model classifications, permission definitions, user‑group usage, and step‑by‑step implementations of Spring Security, JWT integration, JSON login, password encryption, and database authentication with extensive code examples.
This article explains why JWT is not ideal for logout and token renewal, recommends using a Redis‑backed token store, and provides three Redis‑based blacklist implementations with detailed Java code snippets for extending JwtTokenStore, custom converters, and global filters in Spring Security OAuth2.
This comprehensive guide walks you through Spring Security fundamentals, authentication flow, project setup, custom user details, password encoding, login handling, 403 error pages, remember‑me functionality, method security annotations, and CSRF protection, providing clear code examples for each topic.
This article provides a step‑by‑step tutorial on building a unified authentication center with Spring Security OAuth2, covering project module planning, authorization and resource server configuration, client module setup, gateway integration, and custom security components, complete with Maven dependencies and Java code examples.
This guide demonstrates how to implement Spring Security authentication and authorization using web expression-based rules, custom beans, path variables, multi‑condition expressions, and advanced @PreAuthorize methods, including parameter‑based checks, custom annotations, and custom logic services within a Spring Boot 2.4 application.
This article explains the differences between hashing and encryption, demonstrates Java's built‑in hash implementations, discusses the insecurity of MD5 and rainbow‑table attacks, and provides a detailed guide on using BCrypt with Spring Security, including code examples and the PasswordEncoder interface.
This guide walks through Spring Security fundamentals, including its core authentication and authorization mechanisms, project setup with Maven, customizing usernames, implementing UserDetailsService, creating custom PasswordEncoders, configuring login handling, role and authority checks, CSRF protection, remember‑me functionality, and using security annotations.
This tutorial demonstrates how to secure Spring Boot REST endpoints using Spring Security, covering URL‑based rules, enabling method‑level security, and applying @PreAuthorize, @RolesAllowed, and @Secured annotations for precise access control.
This tutorial demonstrates how to set up a Spring Security FormLogin authentication flow, including creating a demo project, customizing the login page, configuring security rules, defining users and roles, and testing the login process with custom success and failure handlers.
This guide walks through configuring Spring Security with a custom AuthenticationProvider that authenticates users against a database, covering environment setup, core filter mechanics, custom UserDetails, UserDetailsService, PasswordEncoder implementations, and bean configuration with full code examples.
This article explains how Spring Security builds its core FilterChainProxy and DefaultSecurityFilterChain, outlines three ways to create custom security filter chains, and demonstrates how to implement and register a custom filter within the Spring Security filter chain.
This article provides a comprehensive guide to Role‑Based Access Control (RBAC) concepts, model classifications, and permission management, then walks through practical Spring Security setups—including basic usage, in‑memory authentication, JWT integration, JSON‑based login, password encryption, and database‑backed authentication, complete with code snippets and diagrams.
This guide explains how Spring Security processes authentication and authorization failures, walks through the default exception flow, and demonstrates multiple ways to customize error handling—including custom failure handlers, access‑denied pages, and JSON responses—using Spring Boot 2.4.12.
This article provides a comprehensive guide on implementing role‑based access control (RBAC) with Spring Security, covering RBAC models, password encryption, in‑memory authentication, JWT integration, custom authentication filters for JSON login, and detailed configuration examples with full source code snippets.
This tutorial demonstrates how to configure Spring Security to selectively intercept requests, permit static resources, enforce role‑based access, and replace the default login page with a custom Thymeleaf view, complete with code examples and screenshots.
This article explains RBAC concepts and model classifications, demonstrates role‑based permission management, and provides step‑by‑step guides for using Spring Security with simple authentication, JWT token generation, JSON‑based login, password encryption, and database‑backed user authentication in Java applications.
This tutorial walks through configuring Spring Security 5.4 on Spring Boot 2.4, demonstrating how to set up in‑memory user credentials, handle CSRF tokens during GET and POST requests, and customize the security filter chain to enable or disable CSRF protection.
This article provides a comprehensive step‑by‑step guide on building a permission management system with Spring Security, covering database design, entity classes, Maven configuration, security configuration, dynamic menu loading, front‑end rendering using Thymeleaf, and complete testing with sample code and screenshots.
