Top Spring Security Interview Questions


What is Spring Security?

Spring Security is a powerful and highly customizable framework for Java applications that provides authentication, authorization, and protection against common attacks such as CSRF, session fixation and clickjacking.
"Authentication" is the process of verifying the identity of the user making a request; the authenticated user is called the principal. "Authorization" (access control) is the process of deciding whether a principal is allowed to perform an action within our application.

What is the delegating filter proxy?

DelegatingFilterProxy is a standard Servlet Filter that delegates to a Spring-managed bean implementing the Filter interface, bridging the servlet container's filter lifecycle and the Spring ApplicationContext. In Spring Security it delegates to the bean named springSecurityFilterChain (a FilterChainProxy), which holds the actual Spring Security filters (authentication, authorization, CSRF, and so on) as defined by the security configuration. It is therefore the entry point through which every request reaches Spring Security.

What is Security Context?

The SecurityContext holds the Authentication object for the current request, that is, the details of the currently authenticated user (the principal) together with its granted authorities. It is obtained through SecurityContextHolder.getContext(), which by default keeps it in a ThreadLocal, and it is persisted between requests (by default in the HttpSession).

Which filter class is required for spring security?

The DelegatingFilterProxy class from the org.springframework.web.filter package is required. It is registered with the servlet container under the filter name springSecurityFilterChain (in web.xml or through AbstractSecurityWebApplicationInitializer; Spring Boot registers it automatically).

What are PKCS12 and JKS?

PKCS #12 (Public Key Cryptography Standards #12) is a password-protected archive format that can hold many private keys, certificates and certificate chains in one file (usually .p12 or .pfx). It is a vendor-neutral standard understood by OpenSSL, browsers, Windows and Java, which is why it is the format mainly used in industry.
Java KeyStore (JKS) serves the same purpose but is a Java-proprietary format, readable only by Java tools such as keytool. It is not identical to PKCS12: since Java 9 the default keystore type is PKCS12, and keytool itself warns that JKS files should be migrated to PKCS12 with keytool -importkeystore.
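To make the difference concrete, here is an added example (not from the original post and not Spring Security code) that uses the JDK's own KeyStore API to write the same secret key into both formats, read it back, and show where JKS falls short. The alias and passwords are made up for the demo.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added example, not code from the page or from Spring Security: the JDK
// KeyStore API is the same for both formats, and the practical differences
// show up at runtime. Alias and passwords are constructed for the demo.
public final class KeyStoreFormats {

    static final String ALIAS = "app-hmac-key";   // constructed alias

    /** Creates an in-memory keystore of the given type, stores one secret key, serialises it. */
    static byte[] saveSecretKey(String type, SecretKey key, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null);                                   // empty store, nothing read from disk
        ks.setEntry(ALIAS, new KeyStore.SecretKeyEntry(key),
                    new KeyStore.PasswordProtection(password));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);                               // password also covers the integrity check
        return out.toByteArray();
    }

    /** Reads the serialised keystore back and recovers the key under ALIAS. */
    static SecretKey loadSecretKey(String type, byte[] bytes, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(new ByteArrayInputStream(bytes), password);
        return (SecretKey) ks.getKey(ALIAS, password);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();                  // constructed demo password
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();

        // PKCS12 holds private keys, certificate chains and symmetric keys alike.
        byte[] p12 = saveSecretKey("PKCS12", key, pw);
        SecretKey back = loadSecretKey("PKCS12", p12, pw);
        System.out.println("PKCS12 round trip ok   : "
                + Arrays.equals(key.getEncoded(), back.getEncoded()));

        // JKS can hold private keys and certificates only; a SecretKeyEntry is refused.
        try {
            saveSecretKey("JKS", key, pw);
            System.out.println("JKS accepted secret key: unexpected");
        } catch (KeyStoreException e) {
            System.out.println("JKS refused secret key : " + e.getMessage());
        }

        // A wrong password fails the PKCS12 integrity check instead of yielding garbage.
        try {
            loadSecretKey("PKCS12", p12, "wrong".toCharArray());
            System.out.println("wrong password accepted: unexpected");
        } catch (IOException e) {
            System.out.println("PKCS12 wrong password  : " + e.getMessage());
        }
    }
}
```

Compile and run with a plain JDK; no Spring dependency is needed. In a Spring Boot application the same keystore is wired in through server.ssl.key-store, server.ssl.key-store-password and server.ssl.key-store-type (PKCS12 or JKS).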

What are the types of authentication that Spring Security supports?
  • HTTP Basic authentication,
  • HTTP Digest authentication (discouraged for new applications),
  • Form-based login (username and password),
  • LDAP authentication,
  • OAuth 2.0 / OpenID Connect login and bearer-token (resource server) support,
  • Remember-me authentication,
  • X.509 client certificate authentication.



What is Basic Authentication?

Basic authentication (RFC 7617) sends the username and password on every request in the Authorization header as Basic base64(username:password). The encoding is not encryption, so it must only be used over TLS. It is typically used by stateless clients such as scripts and service-to-service calls, and it is common to enable it together with form-based login when the same application is used both through a browser user interface and as a web service: Spring Security applies Basic authentication when the request carries an Authorization: Basic header and falls back to the form login otherwise.

What is Digest Authentication?

Digest authentication (RFC 2617, updated by RFC 7616) is an HTTP challenge-response scheme. The server sends a nonce in a WWW-Authenticate: Digest header and the client answers with an MD5 hash that combines the username, realm, password, nonce, request method and URI, so the password itself never crosses the wire and a captured response cannot be replayed once the nonce changes. Its weakness is that the server must hold the password in plaintext or as MD5(username:realm:password) to recompute the response, which is incompatible with modern one-way password hashing (bcrypt, PBKDF2, Argon2); Spring Security's documentation therefore discourages Digest in modern applications and recommends Basic over TLS or a token-based scheme instead.
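The following added example (written for this edit, not taken from the page or from Spring Security) walks through the RFC 2617 Digest computation with qop=auth from both the client and the server side, using only the JDK. The realm, nonces and credentials are constructed values. It shows why the nonce defeats replay and what the server must store to verify a response.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example (not Spring Security's own code): the RFC 2617 Digest
// computation with qop=auth, shown from both sides so the trade-off is visible:
// the server must hold HA1 = MD5(username:realm:password) (or the plaintext
// password) to check the response, which rules out bcrypt-style storage.
// Realm, nonces and credentials below are constructed for the demo.
public final class DigestAuthDemo {

    static String md5Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder();
            for (byte b : d) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /** HA1 is what a Digest-capable server must store for each user. */
    static String ha1(String user, String realm, String password) {
        return md5Hex(user + ":" + realm + ":" + password);
    }

    /** Client side: response = MD5(HA1:nonce:nc:cnonce:qop:HA2) with HA2 = MD5(method:uri). */
    static String response(String ha1, String nonce, String nc, String cnonce,
                           String method, String uri) {
        String ha2 = md5Hex(method + ":" + uri);
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    /** Server side: recompute from the stored HA1 and the nonce it issued; compare in constant time. */
    static boolean verify(String storedHa1, String serverNonce, String nc, String cnonce,
                          String method, String uri, String clientResponse) {
        String expected = response(storedHa1, serverNonce, nc, cnonce, method, uri);
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     clientResponse.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String realm = "example-realm";                         // constructed
        String storedHa1 = ha1("alice", realm, "s3cret");        // what the server keeps per user
        String nonce1 = "dcd98b7102dd2f0e8b11d0f600bfb0c093";    // sent in WWW-Authenticate (constructed)
        String nc = "00000001", cnonce = "0a4f113b";             // client nonce count and client nonce

        String resp = response(storedHa1, nonce1, nc, cnonce, "GET", "/api/orders");
        System.out.println("fresh request verifies : "
                + verify(storedHa1, nonce1, nc, cnonce, "GET", "/api/orders", resp));

        // Replay under a new server nonce: the captured response no longer matches.
        String nonce2 = "a7e1f2c3d4b5a69788a9b0c1d2e3f405";
        System.out.println("replayed response fails: "
                + verify(storedHa1, nonce2, nc, cnonce, "GET", "/api/orders", resp));

        // HA2 binds method and URI, so the response cannot be redirected to another resource.
        System.out.println("different URI fails    : "
                + verify(storedHa1, nonce1, nc, cnonce, "DELETE", "/api/orders/7", resp));
    }
}
```

The storedHa1 value is the crux: leaking it is equivalent to leaking the password for that realm, because anyone holding HA1 can compute valid responses, and it cannot be upgraded to a slow, salted hash without breaking the protocol.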

What is salting in spring?

Salting is a concept from password hashing. A salt is a random value, unique per user, that is combined with the password before hashing and stored alongside the resulting hash. Two users with the same password therefore get different hashes, and an attacker who obtains the database cannot use precomputed (rainbow) tables or test one guess against every account at once; each hash has to be attacked separately. In Spring Security you rarely handle salts yourself: BCryptPasswordEncoder, Pbkdf2PasswordEncoder and Argon2PasswordEncoder generate a random salt and embed it in the encoded string, so PasswordEncoder.matches() can verify a password without a separate salt column.

What is the OAuth2 authorization code grant type?

OAuth 2.0 (Open Authorization, RFC 6749) is an open standard for token-based authorization on the Internet. It lets a user grant a third-party application limited access to their account on a service such as Google or Facebook without sharing their password; the application receives an access token scoped to what the user consented to. OAuth 2.0 itself is about authorization, not authentication; OpenID Connect adds an identity layer on top of it.
The authorization code grant is the flow for applications with a server side (and, with PKCE, for mobile and single-page apps): the client redirects the user to the authorization server, where the user authenticates and consents; the authorization server redirects back to the client's registered redirect URI with a short-lived, single-use authorization code; the client then exchanges that code, together with its client credentials (or the PKCE code verifier), at the token endpoint for an access token and optionally a refresh token. Because the tokens are obtained in a back-channel request rather than through the browser, they never appear in the URL or browser history. Spring Security implements the client side through oauth2Login() and oauth2Client().

What is JSON Web Token (JWT)?

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting claims between parties as a JSON object. A JWT consists of three base64url-encoded parts separated by dots: header, payload (claims) and signature. The claims can be verified and trusted because they are digitally signed, either with a shared secret (HMAC, e.g. HS256) or with a public/private key pair (e.g. RS256, ES256). A signature proves integrity and origin, not confidentiality: the payload is only encoded, so nothing secret belongs in it unless the token is also encrypted (JWE). A verifier must check the signature against the expected algorithm and key and validate the standard claims (exp, nbf, iss, aud). In Spring Security, oauth2ResourceServer().jwt() performs this validation for bearer tokens.
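An added example (not from the page, and not Spring Security's or Nimbus's implementation): minting and verifying an HS256 JWT with nothing but the JDK. The signing key and claims are constructed; the header is pinned to one algorithm so that an alg=none or algorithm-swapped token is refused before the signature is even checked.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example (not Spring Security's own code): HS256 JWT sign/verify with the
// JDK only. Key and claims are constructed. Expiry (exp) is not checked here;
// a real verifier validates exp, nbf, iss and aud after the signature passes.
public final class JwtHs256 {

    // Header pinned to one algorithm; the verifier refuses anything else.
    private static final String HEADER_JSON = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder B64D = Base64.getUrlDecoder();

    static String sign(String claimsJson, byte[] key) {
        String signingInput = b64(HEADER_JSON) + "." + b64(claimsJson);
        return signingInput + "." + B64.encodeToString(hmac(signingInput, key));
    }

    /** Returns the claims JSON for a well-formed, correctly signed HS256 token; otherwise null. */
    static String verify(String token, byte[] key) {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) return null;
        try {
            // Reject alg=none and algorithm confusion: the header must be exactly what we mint.
            String header = new String(B64D.decode(parts[0]), StandardCharsets.UTF_8);
            if (!HEADER_JSON.equals(header)) return null;
            byte[] expected = hmac(parts[0] + "." + parts[1], key);
            byte[] actual = B64D.decode(parts[2]);
            if (!MessageDigest.isEqual(expected, actual)) return null;   // constant-time compare
            return new String(B64D.decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException malformedBase64) {
            return null;
        }
    }

    private static String b64(String s) {
        return B64.encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    private static byte[] hmac(String data, byte[] key) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        // HS256 keys should be at least 256 bits; this one is constructed for the demo.
        byte[] key = "0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        String token = sign("{\"sub\":\"alice\",\"role\":\"USER\",\"exp\":1700000000}", key);
        System.out.println(token);
        System.out.println("valid     : " + verify(token, key));

        // Tampered payload (role -> ADMIN) with the original signature: rejected.
        String[] p = token.split("\\.");
        String forged = p[0] + "." + b64("{\"sub\":\"alice\",\"role\":\"ADMIN\",\"exp\":1700000000}") + "." + p[2];
        System.out.println("tampered  : " + verify(forged, key));

        // alg=none attack: unsigned token with a rewritten header: rejected.
        String none = b64("{\"alg\":\"none\",\"typ\":\"JWT\"}") + "." + p[1] + ".";
        System.out.println("alg=none  : " + verify(none, key));

        // Signed with a different key: rejected.
        byte[] otherKey = "another-secret-another-secret-xx".getBytes(StandardCharsets.UTF_8);
        System.out.println("wrong key : " + verify(token, otherKey));
    }
}
```

Pinning the header rather than parsing the alg claim is the simplest defence against algorithm confusion; libraries that honour whatever alg the token announces have repeatedly been the source of JWT bypasses. In Spring Security the equivalent control is configuring the JwtDecoder with a fixed algorithm and key (or JWK set) rather than trusting the token.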

Flow Diagram (the diagram image is not included in this text version)