Spring Security

Spring Security is a powerful framework that makes an easy for authentication & authorization. It also provides a mechanics for customizing requirements.

Features:

  • Authentication and Authorization
  • Protection against attacks
  • Servlet API integration


< Spring FrameWork


Spring Security Start

Custom Spring Security

Remember-me

Remember-me authentication is a solution for web sites to remember the identity of a user between sessions. Having 2 approaches for remember-me authentication:

1. Cookie-based tokens

– After user login sucessfully, a cookie is sent to the browser which being composed by:

base64(username + “:” + expirationTime + “:”
+ md5Hex(username + “:” + expirationTime + “:” password + “:” + key))

key: a private key to prevent modification of the remember-me token.

remember-me token is valid for expirationTime, & the username, password and key does not change in the period time. If a token has been captured, users can change their password then remember-me tokens will be invalid.

>>> More details at: How to configure Remember-Me authentication by Hash-Based Token Approach

2. Use a database to store the generated tokens

Create a table with name persistent_logins to save tokens. So we need to specify a datasource for remember-me configuration.

>>> More details at: How to configure Persistent Token Remember-Me authentication

RestTemplate Security


Latest Posts: Spring Security