Best of Spring Security2025

  1. 1
    Article
    Avatar of javarevisitedJavarevisited·1y

    6 Must Read Spring Framework Books (includes Spring Boot and Spring Security) in 2025

    The post recommends six key books for learning the Spring framework, including Spring Boot and Spring Security, suitable for beginners to advanced Java developers. It highlights essentials like 'Spring in Action' by Craig Walls and covers topics such as dependency injection, MVC architecture, batch processing, and security practices. Each book has been updated for the latest Spring versions, providing comprehensive guides to mastering various components of the Spring ecosystem.

  2. 2
    Article
    Avatar of javarevisitedJavarevisited·1y

    JWT Authentication with Spring 6 Security

    Learn how to implement JWT authentication with Spring 6 Security using best practices. This guide walks through setting up a Spring Boot project, configuring JWT authentication, and integrating MongoDB for user data. It covers creating JWT tokens, adding security configurations, and testing endpoints. The aim is to secure a social media app with user authentication and authorization.

  3. 3
    Article
    Avatar of javarevisitedJavarevisited·1y

    Why Become a Certified Spring Professional/Developer in 2025?

    Becoming a Certified Spring Developer in 2025 can significantly enhance your career prospects by unlocking higher salaries, ensuring growth, and differentiating you from other Java developers. The certification process helps you master core Spring concepts, including Spring Boot, Security, and Cloud, while providing hands-on experience with real-world projects. As demand for skilled Spring developers continues to grow, a certification validates your expertise and makes you a strong candidate for top companies. Recommended resources for preparing include books, practice tests, official documentation, and courses on platforms like Udemy and Baeldung.

  4. 4
    Article
    Avatar of springSpring·1y

    Spring Security 6.5.0 Is Out!

    Spring Security 6.5.0 has been released, bringing new capabilities and improvements for Java developers. This version enhances security features, offering better integration for web applications, serverless environments, and event-driven systems, among other enhancements.

  5. 5
    Article
    Avatar of baeldungBaeldung·50w

    Authorize Request for Certain URL and HTTP Method in Spring Security

    Spring Security provides flexible mechanisms to authorize requests based on URLs, HTTP methods, and user roles. The tutorial demonstrates implementing role-based access control in a blogging platform where users can manage their own posts while admins have broader permissions. Key concepts include configuring SecurityFilterChain for URL-based authorization, using @PreAuthorize for method-level security, implementing custom UserDetailsService for database authentication, and creating service layers that enforce business logic with proper access controls. The implementation covers user registration, authentication, and CRUD operations with appropriate security constraints.

  6. 6
    Article
    Avatar of baeldungBaeldung·1y

    A Guide to One-Time Token Login in Spring Security

    One-time token login (OTT) in Spring Boot applications helps balance ease of use and security, ideal for infrequent logins. It simplifies authentication by sending a time-limited token via email or SMS for user login instead of traditional passwords. The tutorial covers implementing OTT with Spring Boot and Spring Security, including necessary configurations, token generation, and delivery methods, concluding with manual and automated testing guidelines.

  7. 7
    Article
    Avatar of baeldungBaeldung·47w

    Implementing the Core Services of Spring Authorization Server with Redis

    Spring Authorization Server's default in-memory storage becomes problematic for production applications due to lack of persistence and horizontal scaling support. This guide demonstrates implementing Redis-based persistence for core authorization services including registered clients, tokens, authorization states, and consents. The implementation involves creating entity models, Spring Data repositories, custom service implementations, and Redis configuration. Key components include OAuth2RegisteredClient entities, authorization grant entities for different OAuth2 flows, and corresponding repositories and services that handle persistence operations. The tutorial uses an embedded Redis server and provides a complete working example with authentication flow demonstration.

  8. 8
    Article
    Avatar of baeldungBaeldung·48w

    Faking OAuth2 Single Sign-on in Spring

    Learn how to test OAuth2 Single Sign-On implementations in Spring Boot applications without running actual authorization servers. The guide covers two approaches: bypassing authentication using MockMvc with Spring Security test configurations, and mocking the authorization server using WireMock. Both methods eliminate the need for Keycloak during testing while maintaining realistic test scenarios for OAuth2 SSO flows.

See all Spring Security archives