Introduction to Spring Security

Photo by marcos mayer on Unsplash


public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {


public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e)
throws IOException, ServletException {
request.getRequestURI(), e.getClass().getName(),

response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");


CasAuthenticationFilter, OpenIDAuthenticationFilter, UsernamePasswordAuthenticationFilter — default responds to the URL “/login” which used to be “/j_spring_security_check” before.


public interface Authentication extends Principal, Serializable {
Collection<? extends GrantedAuthority> getAuthorities();

Object getCredentials();

Object getDetails();

Object getPrincipal();

boolean isAuthenticated();

void setAuthenticated(boolean var1) throws IllegalArgumentException;


  • A DisabledException must be thrown if an account is disabled.
  • A LockedException must be thrown if an account is locked.
  • An AccountExpiredException must be thrown if the account has expired.
  • A BadCredentialsException must be thrown if incorrect credentials are provided via authentication request.



AbstractAuthenticationTargetUrlRequestHandler, SimpleUrlAuthenticationSuccessHandler


  • CredentialsExpiredException (extends AccountStatusException) can be thrown based on the expiration conditions to route to a “change-password” page.
DelegatingAuthenticationFailureHandler, ExceptionMappingAuthenticationFailureHandler, ForwardAuthenticationFailureHandler, SimpleUrlAuthenticationFailureHandler

Exception Types

AccountStatusException, ActiveDirectoryAuthenticationException, AuthenticationCancelledException, AuthenticationCredentialsNotFoundException, AuthenticationServiceException, BadCredentialsException, InsufficientAuthenticationException, NonceExpiredException, OAuth2AuthenticationException, PreAuthenticatedCredentialsNotFoundException, ProviderNotFoundException, RememberMeAuthenticationException, Saml2AuthenticationException, SessionAuthenticationException, UsernameNotFoundException


AbstractPasswordEncoder, Argon2PasswordEncoder, BCryptPasswordEncoder, DelegatingPasswordEncoder, LdapShaPasswordEncoder, Md4PasswordEncoder, MessageDigestPasswordEncoder, NoOpPasswordEncoder, Pbkdf2PasswordEncoder, SCryptPasswordEncoder, StandardPasswordEncoder


public interface UserDetailsService {
UserDetails loadUserByUsername(String var1) throws UsernameNotFoundException;
public interface UserDetails extends Serializable {
Collection<? extends GrantedAuthority> getAuthorities();

String getPassword();

String getUsername();

boolean isAccountNonExpired();

boolean isAccountNonLocked();

boolean isCredentialsNonExpired();

boolean isEnabled();

I would love to change the world, but they won’t give me the source code | coding 👩🏼‍💻 | coffee ☕️ | jazz 🎷 | anime 🐲 | books 📚 | drawing 🎨

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

A story from real life about feature prioritization

Task Sequences types in Software Center — OSD or Application?


Make Your Retrospectives Better with Sky Retro

Anaconda for Ubuntu on Windows

advanced system settings

My Guide for AWS Certifications

6 Free Speech-to-text Apps

Learn basics of managing the GitHub Repository

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Nil Seri

Nil Seri

I would love to change the world, but they won’t give me the source code | coding 👩🏼‍💻 | coffee ☕️ | jazz 🎷 | anime 🐲 | books 📚 | drawing 🎨

More from Medium

Microservices with Spring Boot Part 2

Build a Spring Boot REST API with Pagination and Sorting

Spring Security: How it works internally

#SpringSecurity Part 2 : Creating a simple Spring security project (Basic Authentication)