Spring Security

Spring Security is a powerful framework that makes authentication and authorization easy. It also provides mechanisms for customizing them to your requirements.

Features:

  • Authentication and Authorization
  • Protection against attacks
  • Servlet API integration




Spring Security Start

Custom Spring Security

Spring Security JWT Authentication

Remember-me

Remember-me authentication lets a web site remember the identity of a user between sessions. There are 2 approaches to remember-me authentication:

1. Cookie-based tokens

– After the user logs in successfully, a cookie is sent to the browser. It is composed as follows:

base64(username + ":" + expirationTime + ":"
+ md5Hex(username + ":" + expirationTime + ":" + password + ":" + key))

key: a private key to prevent modification of the remember-me token.

The remember-me token is valid only until expirationTime, and only as long as the username, password and key do not change in that period. If a token has been captured, the user can change their password, and the remember-me tokens become invalid.

>>> More details at: How to configure Remember-Me authentication by Hash-Based Token Approach

Related Post: How to configure Spring Security to access H2 database console in Spring Boot project

2. Use a database to store the generated tokens

Create a table named persistent_logins to store the tokens. Because the tokens live in a database, the remember-me configuration needs a datasource.

create table persistent_logins (
	username varchar(64) not null, 
	series varchar(64) primary key, 
	token varchar(64) not null,
	last_used timestamp not null
)

>>> More details at: How to configure Persistent Token Remember-Me authentication

RestTemplate Security

