| What is Spring Security and why is it used? |
| What is the difference between authentication and authorization? |
| How do you configure Spring Security in a Spring Boot application? |
| What is the default authentication mechanism in Spring Security? |
| What is a UserDetailsService? |
| How does Spring Security handle password encoding? |
| What is SecurityContextHolder used for? |
| What is the purpose of GrantedAuthority and Role? |
| How can you restrict access to specific URLs in Spring Security? |
| What annotations are used for method-level security? |
| What is the difference between @PreAuthorize and @Secured? |
| How do you implement custom authentication in Spring Security? |
| What is the purpose of BCryptPasswordEncoder? |
| How do you enable CSRF protection in Spring Security? |
| How can you disable CSRF for a stateless API? |
| What is the role of SecurityFilterChain in Spring Security? |
| How do you handle session management in Spring Security? |
| What is a SecurityConfigurerAdapter? |
| How do you handle access denied exceptions? |
| How do you configure Spring Security using Java configuration? |
| How does Spring Security integrate with OAuth2? |
| How does Spring Security support JWT tokens? |
| How would you secure a REST API with Spring Security? |
| What is the difference between stateless and stateful security? |
| How can you implement multi-factor authentication in Spring Security? |
| What is the order of filters in Spring Security's filter chain? |
| How can you create a custom security filter? |
| What is method security and how is it implemented? |
| How do you secure WebSockets with Spring Security? |
| How can you log security events such as login/logout? |
| How would you handle login brute-force protection in Spring Security? |
| What are some common Spring Security vulnerabilities and how do you mitigate them? |
| How would you secure an application with both REST API and a web frontend? |
| How would you test Spring Security configurations? |
| How does Spring Security support reactive applications (e.g., with WebFlux)? |
| Explain the use of SecurityContextRepository in Spring Security. |
| How do you use Spring Security with LDAP authentication? |
| How would you integrate Spring Security with third-party SSO providers? |
| What are the limitations of Spring Security? |
| How do you configure Remember-Me functionality? |
| What is the use of AuthenticationManager in Spring Security? |
| How do you define in-memory users in Spring Security? |
| What is the purpose of WebSecurityCustomizer? |
| What is HttpSecurity and how is it used? |
| How do you ignore certain endpoints from Spring Security? |
| How can you allow anonymous access in Spring Security? |
| What are the different types of authentication supported in Spring Security? |
| How do you secure static resources in Spring Security? |
| What is the difference between permitAll(), authenticated(), and hasRole()? |
| How does Spring Security handle thread safety? |
| How can you use Spring Security with Thymeleaf? |
| How does Spring Security handle logout functionality? |
| What is a filter in Spring Security, and how does it work? |
| How can you set the login page in Spring Security? |
| What is form-based authentication in Spring Security? |
| How do you handle HTTP Basic authentication in Spring Security? |
| What is the difference between HttpSecurity and WebSecurity? |
| What is role hierarchy and how is it configured? |
| How can you limit login attempts using Spring Security? |
| What is the difference between @RolesAllowed, @Secured, and @PreAuthorize? |
| How can you enable method-level security? |
| How can you secure a REST API using JWT with Spring Security? |
| How do you implement a custom login success handler? |
| What is the purpose of AccessDecisionManager? |
| How do you configure a custom access denied page? |
| How can you dynamically assign roles to users at runtime? |
| What are custom security expressions in Spring Security? |
| How do you extend AbstractSecurityWebApplicationInitializer? |
| How can you implement LDAP-based authentication in Spring Security? |
| What are AuthenticationProvider and its use case? |
| How can you integrate Spring Security with Keycloak? |
| What is the use of SecurityContextRepository in stateless applications? |
| How do you secure an endpoint using multiple roles? |
| What is the difference between OAuth2 Client and OAuth2 Resource Server in Spring Security? |
| What is a SecurityExpressionRoot? |
| How does Spring Security support multi-tenancy? |
| How can you customize CSRF token generation? |
| What is the difference between pre-authenticated and fully authenticated requests? |
| What is the use of the Principal object? |
| How can you set custom headers for CORS in Spring Security? |
| How do you configure OAuth2 login with Google or GitHub? |
| What is the use of @EnableOAuth2Sso? |
| What are the components of OAuth2 in Spring Security? |
| How can you validate JWT tokens in Spring Security? |
| How does Spring Security support refresh tokens in JWT? |
| How can you implement token blacklisting in Spring Security? |
| How do you store and retrieve JWT in client applications? |
| How can you sign and encrypt JWT tokens? |
| What is the role of JwtAuthenticationFilter? |
| How do you secure API endpoints with scopes using OAuth2? |
| How can you revoke OAuth2 tokens in Spring Security? |
| What is the use of ClientRegistrationRepository? |
| What is the OAuth2AuthorizedClientService? |
| What?s the difference between OIDC and OAuth2? |
| How do you implement single sign-on (SSO) with Spring Security? |
| What is Proof Key for Code Exchange (PKCE) and how is it supported? |
| How do you handle token expiration in Spring Security? |
| What is the best way to store client secrets securely? |
| How do you use Spring Security with external identity providers? |
| How do you configure public vs secured routes in a microservices architecture? |
|
|
|
|
|
|
|
No comments:
Post a Comment