Spring Security

Question 1

Which configuration is used to automatically generate login and logout functionality in Spring security?

Answer 1

auto-config = “true” property means that Spring will generate default login page and logout functionality.

Question 2

How to define in memory users with roles in Spring Security XML configuration?

Question 3

How to get authenticated user’s name in JSP?

Answer 3

<h1>${title}</h1>

<h2>${message}</h2>

	<h2>Welcome: ${pageContext.request.userPrincipal.name}

	<a href="%24%7BlogoutUrl%7D">Sign Out</a> </h2>

pageContext.request.userPrincipal.name will contain the name of the authenticated user.

Question 4

Which security expression evaluates to true if the user has been granted the specified role?

Answer 4

hasRole(role) and this expression has to be provided in spring-security xml.

Question 5

Which tags are useful for security in view layer?

Answer 5

Security in view layer can be achieved using JSP tag library.

Question 6

Use of tag

Answer 6

Allows body of the tag to be rendered if the currently authenticated user has on of the stipulated permissions in the specified domain object

Question 7

Use of tag

Answer 7

Accesses properties of the current user’s authentication object

Question 8

Use of object

Answer 8

Allows the body of the tag to be rendered if a specified security constraint has been met

Question 9

Using which mechanisms can we authenticate user

Answer 9

1) In memory user repository
2) JDBC based user repository
3) LDAP based user repository
4) OpenID decentralized user identity systems
5) Central Authentication systems (CAS)

6) X.509 certificates
7) JAAS based providers.

Question 10

Which tag is used to provide jdbc user repository?

Question 11

How to define SQL to use for querying .

Answer 11

users-by-username-query: Queries for a user’s username, password and enabled status given the username
authorities-by-username-query: Queries for a user’s granted authorities given the username
group-authorities-by-username-query: Queries for a user’s group authorities given the username

Question 12

Configuration for configuring custom login page in Spring Security?

Question 13

In what ways we can provide method security?

Answer 13

1) Method annotated with @Secured from Spring security
2) Method annotated with @RolesAllowed from JSR 250
3) Methods annotated with Spring pre and post invocation annotations
4) Methods matching one or more explicitly declared pointcuts

Question 14

What should be enabled in XML to allow annotation driven security?

Answer 14

should be configured in spring-security context.

Question 15

Example of method with method level security using Secured annotation

Answer 15

@Secured({“ROLE_ADMIN”, “ROLE_TELLER”})

public Account post(Account account, double amount)

Question 16

What configuration is required in web.xml Web Context file to enable Spring security?

Answer 16

We need to configure filter chain so that it will call Security before calling actual controller.

DelegatingFilterProxy needs to be configured in filter chain. Along with that URL mapping is also needed to configure which paths need to be protected using security.

Question 17

How to configure spring security filter chain?

Answer 17

springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy

		springSecurityFilterChain
		/*

Question 18

If there are some root level beans that need to be configured like Service, Dao, Security then where should they be kept? In web.xml or some other file?

Answer 18

They should be loaded using root context. So for that we need to configure bean ContextLoaderListener and provide path to the root context xml which will contain definitions of all the beans related to Service, Dao or Security.

Question 19

If there are some root level beans that need to be configured like Service, Dao, Security then where should they be kept? In web.xml or some other file?

Answer 19

They should be loaded using root context. So for that we need to configure bean ContextLoaderListener and provide path to the root context xml which will contain definitions of all the beans related to Service, Dao or Security.

Question 20

How to link call to logout in JSP? Which tags are needed?

Answer 20

“c:url” tag is needed which needs to be imported from JSTL core tag lib.

	<a href="%24%7BlogoutUrl%7D">Sign Out</a>