Spring Boot Hazelcast Cache – Guide

This is a complete guide for using Hazelcast as cache backend in your spring boot application with an example. What is Hazelcast? Hazelcast (Hazelcast-IMDG) is an in-memory data grid. The ideal use-case for Hazelcast-IMDG would be store and replicate cached content between applications. The grid itself is a collection of embedded instances of Hazelcast runtime. Many of…

Spring sessions in a Separate Database

Storing session details in Redis or database is usually a good idea. However, the default implementation of spring-session-jdbc uses the primary data source to store and retrieve data from the session related tables. This can be a problem when there is a large amount of session related operations to the database. To avoid these situations,…

Storing Spring Sessions in Database using JDBC

In this post, We will take a look at setting up Spring Boot Session module using database/JDBC as the backend. Introduction When running multiple instances of the same application, sharing the session data can be a good idea. In this post we will take a look at using a database as a session store for…

Spring Session using Redis

When running multiple instances behind a load balancer, maintaining sessions can be a problem. For example, let’s say instance-2 receives a login request and establishes a session for the user. However, the second request may not go to the same server. In this case, the user will see the login screen again. The typical solution…

Customizing Spring Session Cookies

In this post, We will take a look at Customizing Spring Session Cookies with an example. Typical behaviour In session-based authentications like Form-Login and CAS(Central Authentication System), the session is established via cookies. This is done by sending a Set-Cookie header after a successful login similar to the one shown below. Once the browser reads this response…

Roles and Privileges in Spring Security

In this post, we will take a look at Role Based Access Control (RBAC) with Spring boot. Understanding RBAC In an RBAC model there are three key entities. They are, User or Subject – The actors of the system who perform operations. It can represent a physical person, an automated account, or even another application. Role –…

Understanding Password Encoders in Spring Security

Since Spring Security 5, numerous changes happened to how passwords are handled within the security context. The major change was how the framework started making developers encode or hash the passwords when storing and validating them. If passwords are stored in plain text, the security would be compromised by anyone who has access to the…

UserDetailsService : Loading UserDetails from database

In the last post, We have seen how easy it is to set up an in-memory UserDetailsService and dynamically add users to the applications. However, we all know that the implementation is only good for demos and short-lived applications. Once these applications are stopped, All the information about the users is lost. This is why…

In-Memory UserDetailsService in Spring Security

In this post, we will take a look at how the default in-memory UserDetailsService works in Spring Boot application. Default behaviour The default autoconfiguration provides an InMemoryUserDetailsManager that generates a single user for the application to support. We can override these user properties to an extent with changes to application.properties file. For instance, you can change the default username…

Basic Authentication in Spring Boot

Let’s learn how to implement Basic authentication in a Spring MVC application with an example. Configure Basic Auth To set up basic authentication, you need to provide our own HttpSecurity configuration. Similar to providing custom login form, this setup also requires a custom WebSecurityConfigurerAdapter as shown below. This is the only change that you have to do. After…