• 1 MAIN TERMS
    • 1.1 Theory
      • 1.1.1 Authentication
      • 1.1.2 Authentication - IdentityPrincipal
      • 1.1.3 Authentication - Credentials vs Principal
      • 1.1.4 Authentication - User Object
      • 1.1.5 Authentication - Session
      • 1.1.6 Authorization
      • 1.1.7 Authorization - Authorities vs Roles
      • 1.1.8 Security - Different Implementations
      • 1.1.9 Security - UserDetailsService vs AuthenticationManager
      • 1.1.10 Security - WebSecurityConfig.java
      • 1.1.11 Security - MyUserDetailsService.java
    • 1.2 Define Users
      • 1.2.1 Default User
      • 1.2.2 application.properties
      • 1.2.3 API - userDetailsService()
      • 1.2.4 API - configure()
      • 1.2.5 DB
    • 1.3 Authentication
      • 1.3.1 Automatic - Login Form - Default
      • 1.3.2 Automatic - Login Form - Custom
      • 1.3.3 Automatic - Authorization Header - Postman - Add
      • 1.3.4 Automatic - Authorization Header - Postman - Generate
      • 1.3.5 Validate Credentials - Request - GET
      • 1.3.6 Validate Credentials - Request - POST
      • 1.3.7 Validate Credentials - Request - POST - JSON
      • 1.3.8 Manually Create User Object
      • 1.3.9 Events - Log to Console
    • 1.4 Authorization
      • 1.4.1 Security Expressions - API - Roles & Authorities
      • 1.4.2 Security Expressions - @Secured - Roles
      • 1.4.3 Security Expressions - @PreAuthorize - Roles & Authorities
      • 1.4.4 Security Expressions - @PreAuthorize - Custom Methods
      • 1.4.6 URL Patterns - Ant Matchers
      • 1.4.7 Roles
      • 1.4.8 Authorities - application.properties
      • 1.4.9 Authorities - DB
    • 1.5 Password Encoders
      • 1.5.1 No Operation
      • 1.5.2 LDAP
      • 1.5.3 Sha256
      • 1.5.4 BCrypt
    • 1.6 Manual Authentication
      • 1.6.2 Single Time (Session Based) - Request Parameters
      • 1.6.3 Every Time (Filter Based) - Request Parameters
      • 1.6.4 Every Time (Filter Based) - Request Headers
    • 1.7 CSRF (Cross-Site Request Forgery)
      • 1.7.1 Theory - Normal User Interaction
      • 1.7.2 CSRF Attack - Theory
      • 1.7.3 CSRF Attack - Application
      • 1.7.4 CSRF Token - Theory
      • 1.7.5 CSRF Token - Application
    • 1.8 Remember Me
      • 1.8.1 Login Form - Default
      • 1.8.2 Login Form - Custom
      • 1.8.3 Login Form - Default - DB - PostgreSQL
      • 1.8.4 Login Form - Default - DB - H2
    • 1.9 CORS (Cross-Origin Resource Sharing)
      • 1.9.1 Application - Source
      • 1.9.2 Application - Destination
      • 1.9.3 CORS - Disabled
      • 1.9.4 CORS - Enabled - Annotations
      • 1.9.5 CORS - Enabled - API
    • 1.10 2FA (2 Factor Authentication)
      • 1.10.1 Step 1 Copy Project
      • 1.10.2 Step 2 Register
      • 1.10.3 Step 3 Enter Code
      • 1.10.4 Step 4 Restrict Access
    • 1.11 JWT (JSON Web Token)
      • 1.11.1 Step 1 - Get Token
      • 1.11.2 Step 2 - Send Token - As Request Parameter - Get Claims
      • 1.11.3 Step 3 - Send Token - In Authorization Header - Get Claims
      • 1.11.4 Step 4 - Send Token - In Authorization Header - Get Username
      • 1.11.5 Step 5 - Filter
      • 1.11.6 Step 6 - Authenticate