Spring Security Interview Questions

What is Spring Security?

Spring security is a project under spring framework umbrella, which provides support for security requirements of enterprise Java projects. Spring Security formerly known as aegis security provides out of box support for creating login screen, remember me cookie support, securing URL, authentication provider to authenticate user from database, LDAP and in memory, concurrent active session management support and many more. In order to use Spring security in a Spring MVC based project, you need to include spring-security.jar and configure it in application-Context-security.xml file, you can name it whatever you want, but make sure to supply this to ContextLoaderListener, which is responsible for creating Spring context and initializing dispatcher servlet.

Which filter class is needed for spring security?

org.springframework.web.filter.DelegatingFilterProxy.

How to enable Spring Security in Web Application?

You can enable the Spring security by adding the Filter org.springframework.web.filter.DelegatingFilterProxy in your application’s web.xml.

	<!-- User Auth filter -->
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

From the applications perspective, how many user roles needed in spring security.
Three user roles are there in spring.

Supervisors

Tellers

Plain Users

How to restrict static resources processed by spring security filters?

<http pattern="/res/**" security="none" />

Or

<intercept-url pattern="/res/**" access="permitAll"/>

How to add security to method calls made on Spring beans in the application context?

<global-method-security pre-post-annotations="enabled" />