Spring Security

  1. Advanced Topics and Integrations
    1. Stateless Authentication with JWT
      1. JWT Structure
        1. Header
          1. Algorithm
            1. Token Type
            2. Payload
              1. Standard Claims
                1. Custom Claims
                2. Signature
                  1. Signing Algorithms
                    1. Key Management
                  2. Creating and Parsing JWTs
                    1. JWT Libraries
                      1. Signing Tokens
                        1. Verifying Tokens
                          1. Token Expiry Handling
                            1. Refresh Token Strategy
                            2. Custom Filter for JWT Authentication
                              1. Implementing JWT Authentication Filter
                                1. Token Extraction from Requests
                                  1. Integrating with Security Filter Chain
                                    1. Error Handling
                                  2. Reactive Security with Spring WebFlux
                                    1. `ServerHttpSecurity`
                                      1. Configuration and Usage
                                        1. Reactive Security DSL
                                        2. `ReactiveUserDetailsService`
                                          1. Implementing Reactive User Details
                                            1. Mono and Flux Usage
                                            2. `ReactiveAuthenticationManager`
                                              1. Reactive Authentication Flow
                                                1. Custom Reactive Authentication
                                                2. Securing Reactive Endpoints
                                                  1. Annotation-Based Security
                                                    1. Path-Based Security Rules
                                                      1. Method-Level Security
                                                      2. Reactive OAuth 2.0 Support
                                                        1. Reactive OAuth 2.0 Client
                                                          1. Reactive OAuth 2.0 Resource Server
                                                        2. Testing Secured Applications
                                                          1. `spring-security-test` Module
                                                            1. Overview and Capabilities
                                                              1. Test Dependencies
                                                              2. Mocking Users with `@WithMockUser`
                                                                1. Usage in Unit Tests
                                                                  1. Usage in Integration Tests
                                                                    1. Custom Roles and Authorities
                                                                    2. Testing with `@WithUserDetails`
                                                                      1. Loading User Details for Tests
                                                                        1. Custom UserDetailsService
                                                                        2. Using `MockMvc` with Security Post-Processors
                                                                          1. Configuring MockMvc for Security
                                                                            1. Testing Authentication
                                                                              1. Testing Authorization
                                                                                1. CSRF Testing
                                                                                  1. Security Request Post-Processors
                                                                                  2. Testing Reactive Security
                                                                                    1. WebTestClient with Security
                                                                                      1. Reactive Security Test Utilities
                                                                                    2. Integration with Other Spring Projects
                                                                                      1. Spring Data
                                                                                        1. Securing Repository Methods
                                                                                          1. Pre/Post Authorization in Repositories
                                                                                            1. Query-Level Security
                                                                                              1. Custom Security Expressions
                                                                                              2. Spring MVC Integration
                                                                                                1. Securing Controllers
                                                                                                  1. Method-Level Security
                                                                                                    1. CSRF Integration
                                                                                                      1. Security Context in Controllers
                                                                                                      2. Spring WebFlux Integration
                                                                                                        1. Securing Reactive Endpoints
                                                                                                          1. Reactive Security Context
                                                                                                          2. Spring Boot Actuator Security
                                                                                                            1. Securing Actuator Endpoints
                                                                                                              1. Customizing Actuator Security
                                                                                                                1. Health Check Security
                                                                                                                  1. Metrics Security
                                                                                                                  2. Spring Cloud Security
                                                                                                                    1. Microservices Security
                                                                                                                      1. Service-to-Service Authentication
                                                                                                                        1. Gateway Security

                                                                                                                    Previous

                                                                                                                    6. OAuth 2.0 and OpenID Connect (OIDC)

                                                                                                                    Go to top

                                                                                                                    Next

                                                                                                                    8. Customization and Extensibility