https://github.com/tawfik-s/spring-security-tasks-solution

Master Spring Security by practice. Spring Security tasks and solutions. You can find the task descriptions in the README file. Freely use, modify, and distribute the code.

bycrypt csrf github-oauth2 google-oauth2 java jwt jwt-authentication method-level-authorization method-level-security oauth oauth2 oauth2-client preauthorize security spring spring-boot spring-security spring-security-oauth2 tasks


# Spring Security Tasks Solution

Test and enhance your Spring Security expertise with this comprehensive quiz!
Each task challenges you to configure Spring Security for a specific use case, providing a hands-on approach to mastering real-world scenarios.
## Spring Security Architecture diagram
![SpringSecurityArchitectureDiagram.svg](SpringSecurityArchitectureDiagram.svg)

## 🌟 Features
- 📚 Practical tasks for mastering Spring Security.
- đŸ› ī¸ Real-world use cases to boost your confidence.
- 💡 Opportunity to experiment with different configurations.

---

## 📝 Tasks Overview

### 🔒 Task 1: Basic Authentication
Configure a Spring Boot application with Spring Security to:
- Require **username and password** authentication for all endpoints.
- Use **in-memory user details** with roles `USER` and `ADMIN`.

---

### đŸ›Ąī¸ Task 2: Role-Based Access Control
Implement **role-based access control**:
- `USER` can access `/user/**`.
- `ADMIN` can access `/admin/**` and `/user/**`.
- Restrict `/admin/**` to only `ADMIN` users.

---

### ✨ Task 3: Custom Login Page
- Create a **custom login page** to replace the default form-based login.
- Redirect users to different pages after login based on their roles.

---

### 🔑 Task 4: Password Encoding
- Integrate a **password encoder** (e.g., `BCryptPasswordEncoder`) to hash and verify passwords stored in a database.
- Use a **database** to manage user details instead of in-memory users.
- Use Spring Security's `SecurityContext` to pass user details into a service layer.
- Create a **custom user details service** to load user data from a database.

---

### 📜 Task 5: JWT Authentication
- Configure the application to use **JWT** for authentication.
- Implement **token generation and validation**.
- Secure endpoints using JWT tokens.
> **Note**: The solution uses the JJWT library, but you can explore other options like Auth0.

---

### 🌐 Task 6: OAuth2 Login
- Set up **OAuth2 login** with GitHub and Google as identity providers.
- Allow users to log in using their **GitHub accounts**.
- Allow users to log in using their **Google accounts**.

---

### 📋 Task 7: Method-Level Security
- Enable **method-level security annotations**.
- Use `@PreAuthorize` and `@PostAuthorize` to secure specific methods in a service.

---

### 🔒 Task 8: CSRF Protection
- Enable **CSRF protection** in the application.
- Configure CSRF tokens for form submissions.

---

### 📂 Task 9: LDAP Authentication
- Configure the application to authenticate users against an **LDAP server**.

---

## 🐱‍💻 I Will Add More Tasks to the Repo, Stay Watching the Repo

---

## đŸ› ī¸ How to Contribute
Feel free to fork the repository, enhance the solutions, or even add new tasks!

## 📢 Acknowledgments
This project is inspired by the need to bridge the gap between learning concepts and applying them in real-world scenarios. Let's code securely!

---

Happy Learning! 🎉 And don't forget to KISS 💋💋 (keep it simple, stupid).