BestHub
Sign in
Java Architecture Diary
Java Architecture Diary
Feb 19, 2025 · Information Security

How Spring Security 6.4’s One-Time Token Login Enhances Security and UX

Spring Security 6.4 introduces One-Time Token Login, allowing users to authenticate via a magic link sent by email instead of passwords; the article explains its core concepts, token lifecycle, essential components, and provides step‑by‑step code examples for configuring and implementing this secure, user‑friendly authentication method.

AuthenticationJavaMagic Link
0 likes · 5 min read
How Spring Security 6.4’s One-Time Token Login Enhances Security and UX
Spring Full-Stack Practical Cases
Spring Full-Stack Practical Cases
Jun 13, 2024 · Backend Development

Master SpringBoot 3.2.5: 9 Essential Techniques to Access Request Data

This tutorial demonstrates nine practical ways to handle SpringBoot 3.2.5 request data, including Optional‑wrapped parameters, direct Servlet API access, retrieving the authenticated Principal, extracting method and locale, reading InputStream, using HttpEntity for headers and body, building request URIs, handling multipart parts, and passing flash attributes on redirects.

Javabackendmultipart
0 likes · 7 min read
Master SpringBoot 3.2.5: 9 Essential Techniques to Access Request Data
Selected Java Interview Questions
Selected Java Interview Questions
Jun 16, 2023 · Backend Development

Spring Security Overview: Core Features, Principles, Access Control Methods, Role vs Authority, Password Encryption, and Username/Password Authentication Flow

This article explains Spring Security's core functions, underlying filter‑based mechanism, various request‑access control methods, the distinction between hasRole and hasAuthority, how to encrypt passwords with BCryptPasswordEncoder, and the complete username‑password authentication process for securing backend applications.

AuthenticationAuthorizationBackend Security
0 likes · 10 min read
Spring Security Overview: Core Features, Principles, Access Control Methods, Role vs Authority, Password Encryption, and Username/Password Authentication Flow
Code Ape Tech Column
Code Ape Tech Column
Apr 17, 2023 · Backend Development

Implementing Microservice-Level Authorization with Custom Annotations in Spring Cloud Alibaba

This article explains how to shift authentication and authorization from the gateway to downstream microservices in a Spring Cloud Alibaba environment by removing the gateway's ReactiveAuthorizationManager, creating three custom annotations (@RequiresLogin, @RequiresPermissions, @RequiresRoles), defining an AOP aspect to enforce them, and demonstrating their usage with Feign calls.

Custom Annotationsspring-cloudspring-security
0 likes · 9 min read
Implementing Microservice-Level Authorization with Custom Annotations in Spring Cloud Alibaba
Java High-Performance Architecture
Java High-Performance Architecture
Jul 14, 2022 · Information Security

Master Spring Security: Build a Robust Role‑Based Permission System in SpringBoot

This guide walks through creating a complete SpringBoot permission management system using SpringSecurity, covering database design, Maven setup, entity classes, security configuration, utility methods, dynamic menu loading, Thymeleaf menu rendering, and testing with role‑based access control.

Thymeleafjpapermission-management
0 likes · 22 min read
Master Spring Security: Build a Robust Role‑Based Permission System in SpringBoot
Programmer DD
Programmer DD
Feb 15, 2022 · Information Security

Keycloak Deprecates Most Adapters – Impact on Spring Security and Boot

On February 14, the Keycloak team announced the deprecation of most adapters—including Spring Security and Spring Boot integrations—detailing which adapters will be discontinued, which will remain, and a timeline for the phase‑out, while noting the rise of Spring Authorization Server as a replacement.

KeycloakOIDCadapters
0 likes · 4 min read
Keycloak Deprecates Most Adapters – Impact on Spring Security and Boot
Programmer DD
Programmer DD
May 20, 2021 · Information Security

Mastering JWT Bearer Grant in Spring Security 5.5 for OAuth2.0

Spring Security 5.5 introduces the JWT Bearer grant, an OAuth2.0 authorization mode defined in RFC7523, allowing clients to obtain access tokens using trusted JWTs and also to authenticate themselves, offering a streamlined alternative to traditional user‑approval flows.

AuthenticationJWTOAuth2
0 likes · 6 min read
Mastering JWT Bearer Grant in Spring Security 5.5 for OAuth2.0
Programmer DD
Programmer DD
Dec 10, 2019 · Backend Development

Master JWT Authentication in Spring Security: From Basics to Implementation

This guide walks you through the various HTTP authentication methods, explains JWT Bearer authentication, and demonstrates how to implement a custom JwtAuthenticationFilter in Spring Security, configure it, and use JWT tokens for securing API endpoints, including token refresh handling.

AuthenticationJWTbackend
0 likes · 15 min read
Master JWT Authentication in Spring Security: From Basics to Implementation
Programmer DD
Programmer DD
Oct 4, 2017 · Information Security

How to Secure a Spring Boot Web App with Spring Security – Step‑by‑Step Guide

This tutorial walks through adding Spring Security to a Spring Boot web application, covering Maven dependencies, unsecured home page creation, MVC view‑controller setup, detailed security configuration, login and hello pages with Thymeleaf, the main application class, and testing the protected endpoints.

MVCspring-bootspring-security
0 likes · 9 min read
How to Secure a Spring Boot Web App with Spring Security – Step‑by‑Step Guide