Security concepts
- Principal – user, device or system that performs an action
- Authentication – establishing that a principal’s credentials are valid
- Authorization – deciding if a principal is allowed to access a resource
- Authority – permission or credential enabling access
- Secured Resource – resource that is being secured
Structure
![](https://blog.kitboga.net/wp-content/uploads/2023/11/image-31.png)
![](https://blog.kitboga.net/wp-content/uploads/2023/11/image-34.png)
Security Filters
![](https://blog.kitboga.net/wp-content/uploads/2023/11/image-35.png)
SecurityContextPersistenceFilter
![](https://blog.kitboga.net/wp-content/uploads/2023/11/image-36.png)
URL Authorization
![](https://blog.kitboga.net/wp-content/uploads/2023/11/image-37.png)
![](https://blog.kitboga.net/wp-content/uploads/2023/11/image-38.png)
![](https://blog.kitboga.net/wp-content/uploads/2023/11/image-39.png)
![](https://blog.kitboga.net/wp-content/uploads/2023/11/image-41.png)
![](https://blog.kitboga.net/wp-content/uploads/2023/11/image-42.png)
![](https://blog.kitboga.net/wp-content/uploads/2023/11/image-43.png)
Example
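```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Keep CSRF protection on with its default settings
            .csrf(Customizer.withDefaults())
            // URL authorization: every request requires an authenticated principal
            .authorizeHttpRequests(authorize -> authorize
                .anyRequest().authenticated()
            )
            // Accept credentials via HTTP Basic and via the default login form
            .httpBasic(Customizer.withDefaults())
            .formLogin(Customizer.withDefaults());
        return http.build();
    }
}
```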