This repository is your one-stop destination for mastering Spring Security. It contains multiple projects demonstrating various authentication and authorization techniques, from basic form login to JWT-based stateless authentication with role-based access control.
- Authentication - Form login, HTTP Basic, JWT tokens
- Authorization - Role-based access control (RBAC)
- JWT Integration - Stateless authentication
- CORS Handling - Cross-Origin Resource Sharing
- Custom Providers - Build your own authentication logic
| Project | Description | Key Concepts |
|---|---|---|
| Spring_Security_1 | Foundation project | Basic security configuration |
| SpringSecurityAuthProviderWithoutJwt | Authentication without JWT | Custom auth providers |
| SpringSecurityJwtWithRole | JWT + Role Authorization | Token-based RBAC |
| Spring_Security_With_CustomAuthProvider | Custom authentication | Provider customization |
| SpringSecurityWithJwt | JWT implementation | Token generation & validation |
| SpringSecurityWithJwt2 | Alternative JWT approach | Different JWT strategies |
| Spring_Security_With_JWT2_And_Role | JWT + Extended roles | Fine-grained access |
| SpringSecurityWithJwtCors | JWT + CORS handling | Cross-domain security |
| SpringSecurityWithSimpleRoleJwt2 | Simplified role-JWT | Streamlined implementation |
| SpringSecurityWithoutJwt | Traditional security | Session-based auth |
| SpringSecurityWithoutJwt2 | Alternative non-JWT | Different session approaches |
```
┌─────────────────┐   Credentials   ┌──────────────────┐
│     Client      │ ──────────────► │  AuthController  │
└─────────────────┘                 └────────┬─────────┘
                                             │
                                             ▼
                                  ┌──────────────────────┐
                                  │  AuthenticationMgr   │
                                  └──────────┬───────────┘
                                             │
                          ┌──────────────────┼──────────────────┐
                          ▼                  ▼                  ▼
                   ┌──────────────┐  ┌───────────────┐  ┌──────────────┐
                   │UserDetailsSvc│  │PasswordEncoder│  │  JwtService  │
                   └──────────────┘  └───────────────┘  └──────────────┘
```
```
┌─────────────────────────────────────────────────────────┐
│                        JWT TOKEN                        │
├─────────────────┬─────────────────┬─────────────────────┤
│     HEADER      │     PAYLOAD     │      SIGNATURE      │
│ {"alg":"HS256"  │ {"sub":"user"   │ HMACSHA256(         │
│  "typ":"JWT"}   │  "role":"ADMIN" │  base64(header)+    │
│                 │  "exp":1234567} │  base64(payload))   │
└─────────────────┴─────────────────┴─────────────────────┘
```
| Technology | Version | Purpose |
|---|---|---|
| Java | 17+ | Programming Language |
| Spring Boot | 3.x | Spring Boot Framework |
| MySQL | 8.0+ | Database |
| Maven | 3.6+ | Build Tool |
| Postman | Latest | API Testing |
- Java JDK 17+
- Maven 3.6+
- MySQL Server
- Postman (for API testing)
```bash
# Clone the repository
git clone https://github.com/Shubh2-0/Spring_Security.git
cd Spring_Security

# Choose a project
cd SpringSecurityJwtWithRole

# Configure database in application.properties
# Update username, password, and database name

# Run the application
mvn spring-boot:run
```

```http
# Register endpoint
POST /api/auth/register
{
  "username": "user",
  "password": "password",
  "role": "USER"
}

# Login endpoint
POST /api/auth/login
{
  "username": "user",
  "password": "password"
}

# Protected endpoint (with JWT token)
GET /api/protected
Authorization: Bearer <your-jwt-token>
```

```
Beginner
├── Spring_Security_1 (Basic Config)
└── SpringSecurityWithoutJwt (Session-based)
│
Intermediate
├── SpringSecurityAuthProviderWithoutJwt
└── Custom Authentication Provider
│
Advanced
├── SpringSecurityWithJwt (Token-based)
├── SpringSecurityJwtWithRole (RBAC)
└── SpringSecurityWithJwtCors (CORS)
│
Expert
└── Build your own Security Architecture!
```
Security is everyone's responsibility! Contributions welcome:
- Add new authentication patterns
- Improve documentation
- Fix security vulnerabilities
- Suggest best practices