✅ What is Spring Security?
Spring Security is a powerful and customizable authentication and authorization framework for
Spring applications.
It handles:
• Login / logout
• Password encoding
• Role-based access control
• CSRF, CORS protection
• OAuth2, JWT support
✅ Common Spring Security Concepts
Concept              Description
Authentication       Who are you? (username/password)
Authorization        What are you allowed to do? (roles/permissions)
UserDetailsService   Loads user data from DB or in-memory
PasswordEncoder      Encrypts passwords (e.g., BCryptPasswordEncoder)
SecurityFilterChain  Defines which URLs need auth or not
✅ What is JWT (JSON Web Token)?
JWT is a token format used for stateless authentication. It’s a compact, URL-safe token that
contains user identity and claims.
Structure of a JWT:
header.payload.signature
Example payload:
{
"sub": "john",
"roles": ["ROLE_USER"],
"exp": 1713894655
}
✅ Why JWT in Spring Security?
With JWT:
• No need for session storage on the server.
• The token contains all user info and is sent on every request.
• Stateless: easier to scale across services.
✅ Basic Flow: Spring Security with JWT
1. ✅ Login Endpoint (e.g., /login)
◦ Accepts username/password
◦ If valid, generates a JWT token and returns it to client
2. 🔐 Client stores the token (usually in localStorage or cookies)
3. 📦 Client sends the JWT in the Authorization header
◦ Format: Authorization: Bearer <token>
4. 🔍 JWT Filter checks the token, extracts user info, and sets it in the security context
✅ Example: JWT Filter (Simplified)
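import java.io.IOException;

import jakarta.servlet.FilterChain; // javax.servlet.* on Spring Boot 2.x
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.web.filter.OncePerRequestFilter;

public class JwtAuthFilter extends OncePerRequestFilter {

    // Helper class that is not shown on this page; its method names below are assumed.
    @Autowired
    private JwtUtil jwtUtil;

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain filterChain)
            throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            String token = header.substring(7); // strip the "Bearer " prefix
            String username = jwtUtil.extractUsername(token);
            // Authenticate only if nothing has authenticated this request already.
            if (username != null
                    && SecurityContextHolder.getContext().getAuthentication() == null) {
                UserDetails userDetails = userDetailsService.loadUserByUsername(username);
                if (jwtUtil.validateToken(token, userDetails)) {
                    UsernamePasswordAuthenticationToken auth =
                            new UsernamePasswordAuthenticationToken(
                                    userDetails, null, userDetails.getAuthorities());
                    SecurityContextHolder.getContext().setAuthentication(auth);
                }
            }
        }
        // Always continue the chain; requests left unauthenticated are rejected
        // later by the authorization rules.
        filterChain.doFilter(request, response);
    }
}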
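The filter above depends on a JwtUtil helper that the page does not show. One possible version, as an added example rather than the original author's code: it assumes the jjwt 0.11.x library (io.jsonwebtoken), an HS256 shared secret in a property named jwt.secret, a 15-minute token lifetime, and the method names extractUsername and validateToken.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import javax.crypto.SecretKey;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

@Component
public class JwtUtil {
    private static final Duration TTL = Duration.ofMinutes(15); // assumed lifetime
    private final SecretKey key;

    // "jwt.secret" is an assumed property name; hmacShaKeyFor rejects keys under 256 bits.
    public JwtUtil(@Value("${jwt.secret}") String secret) {
        this.key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
    }

    public String generateToken(UserDetails user) {
        return Jwts.builder()
                .setSubject(user.getUsername())
                .setExpiration(Date.from(Instant.now().plus(TTL)))
                .signWith(key, SignatureAlgorithm.HS256)
                .compact();
    }

    // Returns null for any token that is malformed, unsigned, tampered with or expired,
    // so the filter skips authentication instead of failing the request with a 500.
    public String extractUsername(String token) {
        try {
            Claims claims = Jwts.parserBuilder().setSigningKey(key).build()
                    .parseClaimsJws(token) // verifies signature and "exp"; rejects unsigned JWTs
                    .getBody();
            return claims.getSubject();
        } catch (JwtException | IllegalArgumentException e) {
            return null;
        }
    }

    public boolean validateToken(String token, UserDetails user) {
        String username = extractUsername(token);
        return username != null && username.equals(user.getUsername());
    }
}
```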
✅ Summary
Topic            Description
Spring Security  Secures routes, handles login, roles, passwords
JWT              Stateless auth token, sent in headers
Integration      Custom filter to extract and validate token
✅ 1. What is Git?
Answer:
Git is a distributed version control system that lets you track changes in code, collaborate with
others, and manage your project's history.
✅ 2. What’s the difference between Git and GitHub?
Answer:
• Git is the tool used locally for version control.
• GitHub is a cloud-based platform to host Git repositories and collaborate.
✅ 3. What is a repository (repo)?
Answer:
A repository is a project directory that Git tracks. It contains all your code and version history.
✅ 4. What are the basic Git commands?
Command              Description
git init             Initialize a new Git repo
git clone <url>      Copy a remote repo to local
git add <file>       Stage changes for commit
git commit -m "msg"  Save staged changes with a message
git push             Upload commits to remote repo (GitHub)
git pull             Get latest changes from remote repo
git status           Show current state of the repo
git log              View commit history
✅ 5. What is the difference between git add and git commit?
Answer:
• git add stages changes (adds them to the staging area)
• git commit saves the staged changes to the local repo with a message
✅ 6. What is a branch in Git?
Answer:
A branch is a separate line of development. You can make changes without affecting the main code
(usually called main or master).
✅ 7. How to create and switch branches?
git branch feature-1 # create a branch
git checkout feature-1 # switch to that branch
Or use the newer syntax:
git switch -c feature-1 # create + switch
✅ 8. What is merging in Git?
Answer:
Merging means combining changes from one branch into another.
Example:
git checkout main
git merge feature-1
✅ 9. What is a conflict in Git?
Answer:
A merge conflict occurs when two branches have changes in the same line/file and Git doesn’t
know which one to keep. You need to manually resolve it.
✅ 10. What is .gitignore?
Answer:
.gitignore is a file that tells Git which files or folders to ignore, like node_modules/,
.env, or *.log.