Learnitweb

Category: Spring Security

  • How mTLS (Mutual TLS) Works

    1. What is mTLS? Mutual TLS (mTLS) is an extension of standard TLS (Transport Layer Security) where: This ensures: 2. mTLS Communication Flow (Step-by-Step) Below is a textual sequence diagram of the flow: 3. Detailed Explanation of Each Step 3.1 Client Hello 3.2 Server Hello 3.3 Server Certificate 3.4 Certificate Request (mTLS-specific) 3.5 Client Certificate…

  • Implementing Mutual TLS (mTLS) in a Spring Boot Application

    Mutual TLS (mTLS) is an extension of TLS where both the client and the server authenticate each other using certificates. This is often used in internal APIs, microservices, or when you want high assurance that only trusted clients can connect to your server. Step 1: Generate Server and Client Certificates 1.1 Create a Root Certificate…

  • From @EnableGlobalMethodSecurity to @EnableMethodSecurity: A Migration Guide for Spring Security 6+

    Spring Security 6, a core component of the Spring Boot 3 ecosystem, introduced a significant and welcome simplification to how method-level security is configured. The legacy annotation, @EnableGlobalMethodSecurity, has been officially deprecated in favor of the new, more streamlined @EnableMethodSecurity. This tutorial will guide you through the key differences between the two annotations and provide…

  • What is JSESSIONID?

    1. Introduction JSESSIONID is a unique session identifier used by Java EE web servers (like Apache Tomcat, Jetty, WildFly) to track a user’s session across multiple HTTP requests. It’s automatically generated by the server when a session is created and is usually stored in a cookie or URL parameter. 2. Why Do We Need a…

  • Spring Security and React – Form Login

    Introduction In this tutorial, we’ll create a React application and a login form. We’ll use this login form with a Spring Boot application secured with Spring Security to log in to the application. Create Spring Boot Project Following is the Spring Boot project structure: SecurityConfig.java LoginRequest.java AuthController.java Create a React application Create your React application. Following are the important components:…

  • Login with GitHub with Spring Boot and React JS

    Introduction In today’s digital landscape, allowing users to log in using their existing Google or GitHub accounts can greatly enhance the user experience while improving security. In this tutorial, we’ll walk you through integrating OAuth2 login with Google and GitHub in a full-stack application using Spring Boot for the backend and React JS for the…

  • Method-level security at resource server

    1. Introduction In this tutorial, we’ll use method-level security to protect our web service endpoint. Using method-level security, we can apply annotations above the method name to either permit or block the execution of the method depending on specific conditions. For instance, we can apply a security annotation to restrict the method’s execution to…

  • Role based access control with Keycloak

    1. Introduction In this tutorial, you will learn what roles and authorities are and how they work in Spring. You will also learn how to configure your resource server to validate user roles. In previous tutorials, we accessed a protected resource at a resource server using a valid token. In this tutorial, we’ll assign user…

  • OAuth 2 Resource Server – Scope Based Access Control

    1. Introduction Scope is a feature in OAuth 2.0 that restricts an application’s access to a user’s account. Applications can request one or more scopes, which are shown to the user on the consent screen. The access token provided to the application is then limited to the scopes that the user approves. For a client…

  • Working of OAuth with resource server

    1. Introduction In this tutorial, we’ll learn how to configure a Spring Boot application as an OAuth resource server. In the real world, the resource owner tries to access some information from the resource server. In this tutorial, the resource server is a Spring Boot application. The user tries to access a protected API endpoint. In…