Security Articles
7 articles about Security. Explore Spring Boot implementation, design, and operations across related topics.
- How to Implement API Rate Limiting in Spring Boot - Limiting Request Count with Bucket4j and Filter
  Step-by-step guide to implementing rate limiting per IP and per API key from scratch by combining Bucket4j with Spring Boot's Servlet Filter. Covers how to return HTTP 429 when the limit is exceeded, and clarifies how its use cases differ from those of Resilience4j @RateLimiter.
- Understanding Spring Security CSRF Protection Correctly - Configuration Differences Between REST APIs and Web Apps
  Fix the root cause of POST requests returning 403 in Spring Security by understanding the CSRF mechanism. Covers why `csrf().disable()` is correct for REST APIs, the settings required for Thymeleaf forms, and AJAX support via `CookieCsrfTokenRepository.withHttpOnlyFalse()`, with Spring Security 6 Lambda DSL implementation examples.
- How to Configure Spring Boot as an OAuth2 Resource Server - Implementing JWT Validation and Scope-Based Authorization
  A guide to validating JWTs issued by external IdPs such as Keycloak, Cognito, and Auth0 using Spring Security's resource server features, and implementing scope- and claim-based authorization.
- How to Encrypt Sensitive Information in Configuration Files Using Jasypt with Spring Boot
  If you're concerned about storing database passwords and API keys in plain text in application.yml, Jasypt is an easy solution. This guide covers the full implementation process for production use, from encryption steps using the ENC() wrapper to integration with environment variables and CI.
- Spring Security Method Security - How to Implement RBAC with @PreAuthorize
  A guide to implementing method-level Role-Based Access Control (RBAC) in Spring Boot using @PreAuthorize/@PostAuthorize/@Secured. Learn how to enable method security with @EnableMethodSecurity, the differences between hasRole and hasAuthority, owner checks with SpEL, and testing with @WithMockUser, all with code examples.
- How to Implement Google Login (OAuth2) with Spring Boot
  A step-by-step guide to implementing Google social login from scratch using Spring Security OAuth2 Client. Covers everything from how the OAuth2 authorization code flow works to application.yml configuration and UserInfo retrieval, while building an app that runs in a local environment.
- Spring Boot JWT Authentication with Spring Security (Tutorial)
  Build JWT authentication for a Spring Boot REST API from scratch. Covers token generation, validation, JwtAuthenticationFilter, and SecurityFilterChain configuration with complete code examples.