Spring Security is a powerful framework that makes authentication and authorization easy. It also provides mechanisms for customizing it to meet specific requirements.
- Authentication and Authorization
- Protection against attacks
- Servlet API integration
Spring Security Start
- Spring Security – Config Security for Web MVC by Spring Boot
- How to use Spring Security JDBC Authentication with PostgreSQL & Spring Boot
- How to use Spring Security JDBC Authentication with MySQL & Spring Boot
Custom Spring Security
- Spring Security – Customize Login Handler
- Spring Security Customize Logout Handler
- Spring Security – Customize Authentication Provider
Remember-me authentication lets a web site remember the identity of a user between sessions. There are 2 approaches to remember-me authentication:
1. Cookie-based tokens
– After a user logs in successfully, a cookie is sent to the browser, composed as follows:
base64(username + ":" + expirationTime + ":"
+ md5Hex(username + ":" + expirationTime + ":" + password + ":" + key))
key: a private key to prevent modification of the remember-me token.
– The remember-me token is valid until expirationTime, provided that the username, password and key do not change during that period. If a token has been captured, the user can change their password, and the remember-me tokens will then be invalid.
>>> More details at: How to configure Remember-Me authentication by Hash-Based Token Approach
2. Use a database to store the generated tokens
Create a table named persistent_logins to save tokens. So we need to specify a datasource for remember-me configuration.
create table persistent_logins (
    username varchar(64) not null,
    series varchar(64) primary key,
    token varchar(64) not null,
    last_used timestamp not null
);
>>> More details at: How to configure Persistent Token Remember-Me authentication
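The cookie-based token format from approach 1, as an added example that is not code from the original page or from Spring Security: it builds the cookie and re-checks it the way the formula implies. The class name, method names, key and password values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class RememberMeTokenDemo {
    // md5Hex(username + ":" + expirationTime + ":" + password + ":" + key)
    static String signature(String user, long expiry, String password, String key) throws Exception {
        String data = user + ":" + expiry + ":" + password + ":" + key;
        byte[] digest = MessageDigest.getInstance("MD5").digest(data.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    static String encode(String raw) {
        return Base64.getEncoder().encodeToString(raw.getBytes(StandardCharsets.UTF_8));
    }

    static String makeCookie(String user, long expiry, String password, String key) throws Exception {
        return encode(user + ":" + expiry + ":" + signature(user, expiry, password, key));
    }

    // Recompute the signature from the password and key the server holds NOW.
    // Simplification for this demo: usernames containing ":" are not handled.
    static boolean isValid(String cookie, String storedPassword, String key, long now) {
        try {
            String[] p = new String(Base64.getDecoder().decode(cookie), StandardCharsets.UTF_8).split(":");
            if (p.length != 3) return false;
            long expiry = Long.parseLong(p[1]);
            if (expiry < now) return false; // token has expired
            byte[] expected = signature(p[0], expiry, storedPassword, key).getBytes(StandardCharsets.UTF_8);
            return MessageDigest.isEqual(expected, p[2].getBytes(StandardCharsets.UTF_8)); // constant-time
        } catch (Exception e) {
            return false; // bad base64, non-numeric expiry, ...
        }
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis();
        long expiry = now + 14L * 24 * 60 * 60 * 1000; // two weeks, constructed value
        String key = "constructed-demo-key", pw = "constructed-password-hash";
        String cookie = makeCookie("alice", expiry, pw, key);
        // Same token with the expiry edited but the original signature kept
        String edited = encode("alice:" + (expiry + 1000) + ":" + signature("alice", expiry, pw, key));
        System.out.println("fresh token:           " + isValid(cookie, pw, key, now));
        System.out.println("edited expiry:         " + isValid(edited, pw, key, now));
        System.out.println("after password change: " + isValid(cookie, "new-hash", key, now));
        System.out.println("after expirationTime:  " + isValid(cookie, pw, key, expiry + 1));
    }
}
```

Only the first check passes: the signature covers the expiration time, and it is recomputed from the stored password, so editing the cookie or changing the password invalidates the token.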