Spring Security Architecture
Discover the process it follows when it comes to securing paths and the basic configuration of a servlet-based web application.
@mauricioperez
01 Types of applications that can be secured
1. Servlet WebApps
2. Reactive WebApps
We’re going to take a look at Servlet-based WebApps.
The reason is that they are the most used type of application powered by Spring today. Reactive applications could be even better, but as we programmers always say, it depends on the use case...
02 Ways of authentication
There are 3 main ways to authenticate with Spring Security:
1. With a username and a password
2. With OAuth 2.0 or SAML 2.0
3. With JWT authentication
Take a look at the architecture components
03 Filter Chain
The order of the filters matters as much as the order in which their tasks are executed.
This is the stack where Spring Security’s servlet support lives, implemented as filters. The request travels downstream through the chain until it reaches the servlet.
04 DelegatingFilterProxy
This is much like a wrapper that establishes communication between the ApplicationContext and the Servlet Container.
A DelegatingFilterProxy can carry beans from the ApplicationContext into the Servlet Container so that Spring Security can use them as filters. That bridging is the whole point of this component.
05 FilterChainProxy
I just mentioned that DelegatingFilterProxy can carry beans from the ApplicationContext.
So here FilterChainProxy is such a bean, stored in the ApplicationContext, and it contains one or more SecurityFilterChain instances, which we’ll take a look at in the next step...
FilterChainProxy is wrapped in a DelegatingFilterProxy because FilterChainProxy is a bean and needs to be bridged into the Servlet Container’s filter chain.
After the matching SecurityFilterChain has been selected and executed, the request continues downstream through the rest of the Servlet Container’s FilterChain.
06 SecurityFilterChain
And there could be more than one SecurityFilterChain.
07 SecurityFilterChain
So what exactly is a SecurityFilterChain?
It is a group of filters (beans bridged into the Servlet Container) that is executed in isolation for specific paths, so that only the filters belonging to that chain apply to requests on those paths.
For example, if FilterChainProxy sees a request for the path “/api/anythingElseHere”, it delegates to SecurityFilterChain 0, whereas a request for “/anyPath” goes to a different SecurityFilterChain.
These paths are programmed and declared in a configuration class of our Spring project annotated with @Configuration.
So where do I configure these paths in my Spring project?
08 Configuration File
This is the configuration class:
1. Take a look at the annotation: if you aren’t using Spring Boot you must also annotate it with @EnableWebSecurity in addition to @Configuration.
2. The method returns an object of type SecurityFilterChain, meaning it is first stored as a bean and then bridged into the Servlet Container through FilterChainProxy and DelegatingFilterProxy, as seen before!
3. When writing this kind of configuration we must take care of the order in which the filters and chains are declared, because the order matters here!
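As an added example (not code from the original post), here is what such a configuration class can look like in Spring Security 6: two SecurityFilterChain beans, the first matched only for “/api/**” and the second for everything else, with @Order deciding which one FilterChainProxy tries first. The package and class names are assumptions.

```java
// Added example, not from the original post: two SecurityFilterChain beans,
// one per path group, with explicit ordering. Names are made up for illustration.
package com.example.demo.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity // required without Spring Boot; harmless with Boot
public class SecurityConfig {

    // Chain 0: only handles requests under /api/**. FilterChainProxy tries
    // chains in @Order sequence, so the more specific matcher must come first.
    @Bean
    @Order(1)
    SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
        http
            .securityMatcher("/api/**")
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/api/public/**").permitAll()
                .anyRequest().authenticated())
            // stateless API: no HTTP session is created, HTTP Basic only
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }

    // Chain 1: no securityMatcher, so it matches every other request.
    // If this were @Order(1), it would swallow /api/** and chain 0 would never run.
    @Bean
    @Order(2)
    SecurityFilterChain webChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/", "/login", "/css/**").permitAll()
                .anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            .logout(Customizer.withDefaults());
        return http.build();
    }
}
```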
Thank you!
What was your favorite component of the Spring Security Architecture?
@mauricioperez
If you liked it, don’t hesitate to recommend this post!