Top 20 Spring Security Interview Questions

1. What is Spring Security?

Spring Security is a powerful and customizable authentication and access-control
framework for Java applications, especially Spring-based apps.

2. How does authentication work in Spring Security?

It veri es user credentials using a UserDetailsService, compares passwords, and
stores authenticated info in a SecurityContext.

3. What is authorization in Spring Security?

Authorization checks what a user can access after authentication, using
annotations like @PreAuthorize, hasRole(), etc.

4. Di erence between Authentication and Authorization?

• Authentication: Verifying identity (Who are you?)
• Authorization: Granting access (What can you do?)

5. What is a SecurityFilterChain?
It’s a chain of servlet lters that handle security concerns like authentication,
authorization, CORS, CSRF, etc.

6. How to secure REST APIs using Spring Security?

Use HttpSecurity con g to de ne which endpoints are public and which require
authentication.

7. What is the UserDetailsService interface?

It loads user-speci c data (username, password, roles) from a database or in-
memory storage for authentication.

8. How to implement custom login in Spring Security?

Customize login page using:
http.formLogin().loginPage("/custom-login")

9. What is JWT and how is it used in Spring Security?

JWT (JSON Web Token) is a stateless token used to authenticate users in REST
APIs without storing sessions.

10. How do you implement JWT in Spring Security?

Generate a JWT after login, validate it in lters, and extract user info from token for
authorization.

11. What is the purpose of @EnableWebSecurity?

It enables Spring Security and allows custom security con guration via a class
extending WebSecurityCon gurerAdapter (before Spring Security 6).
ff
fi
fi
fi
fi
fi
fi
fi
fi
12. What is CSRF?
CSRF (Cross Site Request Forgery) is an attack that tricks users into performing
actions unknowingly. Spring enables CSRF protection by default.

13. How to disable CSRF for REST APIs?

Use:
http.csrf().disable()
(only for stateless APIs, not web apps)

14. What is PasswordEncoder in Spring Security?

It’s used to hash and verify passwords securely (e.g., BCryptPasswordEncoder).

15. How do roles and authorities work in Spring Security?

Roles are assigned to users, and authorities are permissions. You can check them
with hasRole("ADMIN") or hasAuthority("READ_PRIVILEGE").

16. What is method-level security?

It’s securing methods using annotations like @PreAuthorize, @Secured, etc.
Enable it using @EnableGlobalMethodSecurity.

17. How to allow certain endpoints without authentication?

In HttpSecurity:

http.authorizeHttpRequests().requestMatchers("/public/**").permitAll();

18. How to con gure multiple user roles?

Create roles and assign them in your database or con g:
.authorizeHttpRequests().requestMatchers("/admin").hasRole("ADMIN")

19. What is OAuth2 in Spring Security?

OAuth2 allows secure delegated access (like Google login). Spring Security
supports OAuth2 login and authorization server setup.

20. How to handle exceptions in Spring Security?

Use AuthenticationEntryPoint for auth failures and AccessDeniedHandler for
authorization failures.
fi
fi

Step 14 Spring Security Level I
No ratings yet
Step 14 Spring Security Level I
5 pages
Spring Security
No ratings yet
Spring Security
3 pages
Spring Security Interview Questions
No ratings yet
Spring Security Interview Questions
6 pages
15 Spring Security
No ratings yet
15 Spring Security
7 pages
Springsecurity 181008152249
No ratings yet
Springsecurity 181008152249
36 pages
Spring Security Interview Problems
No ratings yet
Spring Security Interview Problems
2 pages
Guide To Spring Security
No ratings yet
Guide To Spring Security
15 pages
Guide To Spring Security
No ratings yet
Guide To Spring Security
16 pages
Section 9 Spring Security True Senior H1 H2
No ratings yet
Section 9 Spring Security True Senior H1 H2
3 pages
Normal 5f89d02c9d162
No ratings yet
Normal 5f89d02c9d162
2 pages
Spring Security
No ratings yet
Spring Security
5 pages
Spring Security for Java Developers
No ratings yet
Spring Security for Java Developers
33 pages
Spring Security
No ratings yet
Spring Security
8 pages
Spring Security - A Comprehensive Guide
No ratings yet
Spring Security - A Comprehensive Guide
12 pages
Spring Security 6 Notes
No ratings yet
Spring Security 6 Notes
2 pages
Spring Security for Developers
No ratings yet
Spring Security for Developers
88 pages
Springbooot Security
No ratings yet
Springbooot Security
3 pages
What Is JWT (JSON Web Token), and Why Is It Used in Spring Security? Answer
No ratings yet
What Is JWT (JSON Web Token), and Why Is It Used in Spring Security? Answer
17 pages
Remainingjjjksnjsisj
No ratings yet
Remainingjjjksnjsisj
4 pages
Spring Security Interview Questions India
No ratings yet
Spring Security Interview Questions India
20 pages
Spring Security Guide
No ratings yet
Spring Security Guide
5 pages
6 Security v2
No ratings yet
6 Security v2
11 pages
Spring Security Reference
No ratings yet
Spring Security Reference
138 pages
Spring Security. Authentication and Authorization
No ratings yet
Spring Security. Authentication and Authorization
65 pages
Spring Security Zero To Master Along With JWT, OAUTH2
No ratings yet
Spring Security Zero To Master Along With JWT, OAUTH2
106 pages
Spring Security 5
No ratings yet
Spring Security 5
28 pages
Spring Security
No ratings yet
Spring Security
2 pages
Spring Security Audit & Configuration Guide
No ratings yet
Spring Security Audit & Configuration Guide
10 pages
Spring Security Zero To Master Along With JWT, OAUTH2 PDF
No ratings yet
Spring Security Zero To Master Along With JWT, OAUTH2 PDF
109 pages
5 Spring Security
No ratings yet
5 Spring Security
32 pages
Spring Security
No ratings yet
Spring Security
7 pages
01 Sep 2021 ClassNotes
No ratings yet
01 Sep 2021 ClassNotes
2 pages
Spring Security
No ratings yet
Spring Security
2 pages
Spring Security Reference
No ratings yet
Spring Security Reference
281 pages
Security&Git
No ratings yet
Security&Git
5 pages
Session04 - Spring Security
No ratings yet
Session04 - Spring Security
25 pages
Spring Security
No ratings yet
Spring Security
16 pages
Java Interview Qa
No ratings yet
Java Interview Qa
4 pages
Spring Security Guide for Developers
No ratings yet
Spring Security Guide for Developers
14 pages
A Complete Guide To Spring Security With SpringBoot - by Satya Kaveti - Medium
No ratings yet
A Complete Guide To Spring Security With SpringBoot - by Satya Kaveti - Medium
43 pages
02 Sep 2021 ClassNotes
No ratings yet
02 Sep 2021 ClassNotes
4 pages
Spring MVC Security Guide
No ratings yet
Spring MVC Security Guide
158 pages
Spring Security
No ratings yet
Spring Security
35 pages
Spring Security
No ratings yet
Spring Security
16 pages
Libro 03. Packtpub - Mastering Spring 5.0 (2017) PDF-123-127
No ratings yet
Libro 03. Packtpub - Mastering Spring 5.0 (2017) PDF-123-127
5 pages
Spring Security
No ratings yet
Spring Security
21 pages
Spring Security Setup Guide
No ratings yet
Spring Security Setup Guide
14 pages
Lecture07.1 - Spring Security PDF
No ratings yet
Lecture07.1 - Spring Security PDF
23 pages
Spring Boot Interview Q - A For (2-3 Yrs of Exp)
No ratings yet
Spring Boot Interview Q - A For (2-3 Yrs of Exp)
5 pages
Spring Security OAuth2 Implementation
No ratings yet
Spring Security OAuth2 Implementation
23 pages
Ace Your Spring Boot Interview With These 50 Key Questions
No ratings yet
Ace Your Spring Boot Interview With These 50 Key Questions
3 pages
Spring Security for J2EE Developers
No ratings yet
Spring Security for J2EE Developers
12 pages
Spring Framework Roadmap v1
No ratings yet
Spring Framework Roadmap v1
16 pages
Session05 - Spring Security (Cont)
No ratings yet
Session05 - Spring Security (Cont)
19 pages
Spring Boot API Security Guide
No ratings yet
Spring Boot API Security Guide
72 pages
Saikat Kumar Manna
No ratings yet
Saikat Kumar Manna
10 pages
Beginner's Guide to Digital Marketing
No ratings yet
Beginner's Guide to Digital Marketing
12 pages
Session Tracking in Servlets
No ratings yet
Session Tracking in Servlets
7 pages
Big Data Course Quiz
No ratings yet
Big Data Course Quiz
3 pages
BGP-LU on Juniper for JNCIE-SP
No ratings yet
BGP-LU on Juniper for JNCIE-SP
8 pages
GSM Manual GOS 22.04 en
No ratings yet
GSM Manual GOS 22.04 en
477 pages
Fortinet Threat-Landscape-Report-2025
No ratings yet
Fortinet Threat-Landscape-Report-2025
32 pages
Brochure Network Security EN
No ratings yet
Brochure Network Security EN
19 pages
20FantasticKaliLinuxTools PDF
100% (1)
20FantasticKaliLinuxTools PDF
12 pages
A10 Thunder WAFGuide-2014 04 30
No ratings yet
A10 Thunder WAFGuide-2014 04 30
136 pages
Tally Weijl SEO & Digital Strategy Plan
No ratings yet
Tally Weijl SEO & Digital Strategy Plan
8 pages
AZ-900 Student Handout
No ratings yet
AZ-900 Student Handout
5 pages
Day-1 IOCL - Cybersecurity in Oil & Gas
No ratings yet
Day-1 IOCL - Cybersecurity in Oil & Gas
31 pages
Tutorial Letter 203/0/2020: Information Security
No ratings yet
Tutorial Letter 203/0/2020: Information Security
10 pages
Empowerment Tech for Students
No ratings yet
Empowerment Tech for Students
4 pages
Configure IP Addresses
No ratings yet
Configure IP Addresses
1 page
F3a25 Lte&Evdo Router Specification
No ratings yet
F3a25 Lte&Evdo Router Specification
4 pages
Mcafee File and Removable Media Protection 5.0.2 Product Guide (Mcafee Epolicy Orchestrator) 5-27-2020
No ratings yet
Mcafee File and Removable Media Protection 5.0.2 Product Guide (Mcafee Epolicy Orchestrator) 5-27-2020
33 pages
Job Description - Consultant - Web Application Firewall Engineer - WAF
No ratings yet
Job Description - Consultant - Web Application Firewall Engineer - WAF
1 page
Apache Httpclient Tutorial
100% (1)
Apache Httpclient Tutorial
69 pages
SonicWALLSSLVPNAdministrators Guide (
No ratings yet
SonicWALLSSLVPNAdministrators Guide (
394 pages
01-01 Getting Started - AC and Fit AP - Web-Based Configuration Guide
No ratings yet
01-01 Getting Started - AC and Fit AP - Web-Based Configuration Guide
6 pages
Diffie-Hellman Key Exchange Guide
No ratings yet
Diffie-Hellman Key Exchange Guide
17 pages
ITEC3116-SNAL-Lecture 16 - Linux Server Configuration
No ratings yet
ITEC3116-SNAL-Lecture 16 - Linux Server Configuration
24 pages
Audit Trail Sheet - 1706944834898
No ratings yet
Audit Trail Sheet - 1706944834898
6 pages
Internet Leased Line Connectivity Proposal
No ratings yet
Internet Leased Line Connectivity Proposal
4 pages
Summer 2023 Model Answer
No ratings yet
Summer 2023 Model Answer
26 pages
CV - Mariia Tiukhtina - SEO
No ratings yet
CV - Mariia Tiukhtina - SEO
2 pages
Notes
No ratings yet
Notes
16 pages
Lecture 7 Telnet SSH
No ratings yet
Lecture 7 Telnet SSH
4 pages
4 Way Handshake Explained
No ratings yet
4 Way Handshake Explained
4 pages