JavaThinking.com
Spring Security Basics
Check your understanding of authentication, authorization, and filter chains.
1. Which interface is responsible for authenticating users in Spring Security?
AuthenticationManager
SecurityContextHolder
UserDetailsService
PasswordEncoder
2. What is the default login page URL in Spring Security when using form login?
/login
/auth/login
/spring/login
/default-login
3. Spring Security's SecurityContextHolder stores the current authentication object thread-locally by default.
True
False
4. What does CSRF stand for? (full form)
5. Which of the following are core components of Spring Security's authentication process? (Select all that apply)
AuthenticationManager
UserDetails
PasswordEncoder
DispatcherServlet
SecurityContextHolder
6. Which annotation is used to enable Spring Security's web security support in a configuration class?
@EnableWebSecurity
@SpringBootApplication
@SecurityConfig
@EnableSecurity
7. Spring Security disables CSRF protection by default for stateless APIs (e.g., REST with JWT tokens).
True
False
8. What is the default role prefix used by Spring Security for authorities (e.g., roles like 'ADMIN')?
9. Which annotations are used for method-level security in Spring Security? (Select all that apply)
@PreAuthorize
@Secured
@PostAuthorize
@EnableWebSecurity
@AuthenticationPrincipal
10. Which class is used to configure HTTP security rules (e.g., authorize requests, form login) in Spring Security?
HttpSecurity
WebSecurityConfigurerAdapter
SecurityConfig
AuthenticationConfig
11. UserDetailsService is responsible for loading user-specific data (username, password, authorities) during authentication.
True
False
12. What is the default password encoder in Spring Security 5+ for in-memory user authentication?
BCryptPasswordEncoder
NoOpPasswordEncoder
MD5PasswordEncoder
PlaintextPasswordEncoder
13. Which statements about Spring Security's SecurityContext are true? (Select all that apply)
It holds the Authentication object
It is thread-local by default
It is managed by SecurityContextHolder
It stores user roles only
It is immutable
14. CSRF protection is enabled by default in all Spring Security applications, including stateless REST APIs.
True
False
15. What annotation is used to inject the current authenticated user into a controller method parameter?
16. Which method in HttpSecurity is used to allow unrestricted access to a specific endpoint?
.antMatchers("/public/**").permitAll()
.authorizeHttpRequests().anyRequest().authenticated()
.formLogin()
.csrf().disable()
17. Which authentication mechanisms are supported by Spring Security? (Select all that apply)
Form-based authentication
Basic authentication
OAuth2
JWT authentication
LDAP authentication
18. @EnableMethodSecurity is the recommended annotation to enable method-level security in Spring Security 6+.
True
False
19. What is the primary role of SecurityContextHolder in Spring Security?
To store the current user's authentication details
To encode passwords
To manage HTTP sessions
To configure security rules
20. What is the default username when using Spring Security's in-memory authentication without custom configuration?