Top Spring Security Interview Questions

More Java interview questions and answers...

What is Spring Security?

Spring Security is a powerful and highly customizable Java web framework that focuses on providing authentication, authorization, and protection against common attacks.
"Authentication" is the process of establishing a user, also known as the principle ."Authorization" refers to the process of deciding whether a principal is sanctioned to perform an action within our application.

What is the delegating filter proxy?

It is a Proxy for standard Servlet Filter, delegating to a Spring-managed bean that implements the Filter interface. Its the commencement point in the springSecurityFilterChain which instantiates the Spring Security filters according to the Spring configuration.

What is Security Context?

The SecurityContext is utilized to store the details of the currently authenticated user, additionally kenned as a principle.

Which filter class is required for spring security?

The DelegatingFilterProxy class from package org.springframework.web.filter is required.

What are PKCS12 and JKS?

PKCS12 Public Key Cryptographic Standards is a password-protected format that can include many certificates and keys, it is a format mainly utilized in the industry.
Java KeyStore is identical to PKCS12, it is a proprietary format inhibited to the Java environment.

What are the types of authentication that spring supports?

  • HTTP Basic authentication,
  • HTTP digest,
  • Using LDAP,
  • Form-based,
  • OAUTH,
  • Automatic remember me authentication.

What is Basic Authentication?

Basic authentication is often utilized with stateless clients who pass their credentials on each request. It's quite prevalent to utilize it in coalescence with form-predicated authentication where an application is utilized through both a browser-predicated utilizer interface and as a web service.

What is Digest Authentication?

Digest authentication is an application of MD5 cryptographic hashing with the utilization of nonce values to avert replay attacks. It utilizes the HTTP protocol.

What is salting in spring?

Salting is a concept that typically pertains to password hashing. Essentially, it's a unique value that can be integrated into the end of the password to engender a different hash value. This integrates a layer of security to the hashing process, specifically against brute force attacks.

What is the OAuth2 Sanction code grant type? 

OAuth (Open Authorization) is a simple way to publish and interact with protected data.
It is an open standard for token-predicated authentication and authorization on the Internet. It sanctions an end user’s account information to be utilized by third-party services, such as Facebook, Google without exposing the user’s password.

What is JSON Web Token (JWT)?

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret or a public/private key pair.

Flow Diagram

More Java interview questions and answers...

Popular posts from this blog

Learn Java 8 streams with an example - print odd/even numbers from Array and List

Java Stream API - How to convert List of objects to another List of objects using Java streams?

Spring Boot + Mockito simple application with 100% code coverage

Registration and Login with Spring Boot + Spring Security + Thymeleaf

Java, Spring Boot Mini Project - Library Management System - Download

Spring boot video streaming example-HTML5

ReactJS, Spring Boot JWT Authentication Example

Java - Blowfish Encryption and decryption Example

Custom Exception Handling in Quarkus REST API

Spring Boot + OpenCSV Export Data to CSV Example