Spring Security Articles
Articles on Spring Security authentication, authorization, HTTP security, JWT, and method-level security.
-
How to Implement JWT Refresh Tokens with Spring Security
A guide to issuing, rotating, and revoking access tokens and refresh tokens in Spring Boot, including Redis persistence and reuse detection.
-
Understanding Spring Security CSRF Protection Correctly - Configuration Differences Between REST APIs and Web Apps
Solve the cause of POST returning 403 in Spring Security by understanding the CSRF mechanism. From why `csrf().disable()` is correct for REST APIs, the required settings for Thymeleaf forms, to AJAX support via `CookieCsrfTokenRepository.withHttpOnlyFalse()`, organized with Spring Security 6 Lambda DSL implementation examples.
-
How to Configure Spring Boot as an OAuth2 Resource Server - Implementing JWT Validation and Scope-Based Authorization
A guide to validating JWTs issued by external IdPs such as Keycloak, Cognito, and Auth0 using Spring Security's resource server features, and implementing scope- and claim-based authorization.
-
How to Use GraphQL with Spring Boot - Spring for GraphQL Basics and When to Use It vs REST API
Using Spring for GraphQL in Spring Boot 3.x, this guide covers schema definition, Query and Mutation Resolver implementation, handling N+1 problems with DataLoader, and integration with Spring Security. Includes a comparison with REST API to clarify when to choose GraphQL.
-
Spring Security Method Security - How to Implement RBAC with @PreAuthorize
A guide to implementing method-level Role-Based Access Control (RBAC) in Spring Boot using @PreAuthorize/@PostAuthorize/@Secured. Learn how to enable @EnableMethodSecurity, the differences between hasRole/hasAuthority, owner checks with SpEL, and testing with @WithMockUser, all with code examples.
-
How to Implement Real-Time Communication with WebSocket in Spring Boot - Basics of STOMP and SockJS
Learn how to quickly run a broadcast-style chat with Spring Boot + STOMP + SockJS, explained through a three-layer structure of configuration class, @MessageMapping, and SimpMessagingTemplate. Covers one-to-one messaging, retrieving authenticated users via Principal, and scaling with an external broker.
-
Spring Boot Thymeleaf Server-Side Rendering Implementation Guide - Forms, Validation, and Security
A comprehensive implementation tutorial for Spring Boot 3.x × Thymeleaf 3.1, covering HTML responses, form handling, Bean Validation error display, and Spring Security integration (CSRF/authentication display switching). Based on code examples that work as-is.
-
Spring Boot 2.x to 3.x Migration Guide - Java 17 Required with Checklist
Explains the 2.x→3.x migration steps with practical code examples in response to Spring Boot 2.7 end-of-life (EOL) and the Java 17 requirement. Organizes javax→jakarta replacement, SecurityFilterChain migration, and spring.factories deprecation handling with a checklist, providing the shortest route to understanding the causes and solutions for compilation/startup errors.
-
How to Implement Google Login (OAuth2) with Spring Boot
A step-by-step guide to implementing Google social login from scratch using Spring Security OAuth2 Client. Covers everything from how the OAuth2 authorization code flow works to application.yml configuration and UserInfo retrieval, while building an app that runs in a local environment.
-
Spring Boot JWT Authentication with Spring Security (Tutorial)
Build JWT authentication for a Spring Boot REST API from scratch. Covers token generation, validation, JwtAuthenticationFilter, and SecurityFilterChain configuration with complete code examples.
-
Getting Started with Authentication in Spring Boot Using Spring Security - From Basic Authentication to Form Authentication
A beginner-friendly tutorial for implementing authentication step by step with Spring Security in Spring Boot. Covers the basics of SecurityFilterChain, the BCrypt password encoder, Basic authentication (verified with curl), form authentication, logout, and custom login pages, carefully explaining configuration points that are easy to stumble on.