Spring Boot HandBook

    Spring Security Basic Introduction

    Introduction:

    Spring Security acts as a safety shield or security guard for an application. When we build projects or applications we have to add security to them, and the Spring Security library helps us do that. Also, when we visit any application we must first authenticate ourselves; this process ensures that no other user can authenticate as us. Because the application has implemented security on its backend, it protects our data. It also provides authenticated routes, so only authenticated people can access the application and our data is not leaked. That is why security is so important: it lets us avoid attacks from attackers and keep our data safe.

    Spring Security is a collection of filters. Java EE-based applications are secured by the Spring Security library, which adds authentication (verifying the identity of users), authorization (controlling access to resources based on permissions) and protection against frequent and well-known security threats.

    Security Attacks:

    Think of the human body: when the body is weak and outside viruses or other enemies attack it, and the body is not capable of fighting them, it becomes damaged. Similarly, if the security of our system is not very good and external attackers take advantage of its weaknesses, our systems and networks can be damaged.

    We are living in a digital world where basically 95.9% of the people of the whole world depend on today’s technologies, but these technologies are not always used correctly. Consequently, illegal activity is increasing very fast, and many different types of crime are caused by this kind of misuse.

    There are multiple types of security attacks. Here we will discuss a few of them:

    Cross-Site Request Forgery (CSRF):

    Imagine that one day you try to open one of your social media applications, as you do every day, but this time you find that you have been logged out, and when you try to log back in with your email or phone number and your password, the application says they are invalid, as if you had never had an account. This can be scary and confusing, and now you cannot get in at all. It could be a sign that someone has hacked your account.

    A CSRF attack is a type of attack where someone tries to make your browser perform an action on a site you are logged into, without your permission. It works because the browser automatically attaches your session cookie to the forged request, so the site cannot tell it apart from one you made yourself.

    Cross-Site Scripting (XSS):

    Imagine you are on a website where you can leave comments. If the website is not careful, someone could leave a comment containing hidden malicious code. When other people view this comment, that code can run in their browsers and might steal their information or mess up their accounts.

    Cross-Site Scripting (XSS) is a security problem on websites. It happens when someone sneaks harmful scripts into a web page that other users then view. These scripts can:

    • Steal your personal information.
    • Mess with your account.
    • Change what you see on the site.
    • Do other harmful things.

    SQL Injection:

    Imagine you are using a website with a search box or a login form. These forms often interact with a database to retrieve or store information. If the input from these forms is not handled properly, an attacker can enter specially crafted SQL code that tricks the website into running commands it was never meant to run.

    SQL Injection is a type of attack where bad actors insert harmful SQL code into a website’s input fields, such as search boxes or login forms. Because the input is mixed directly into the query text, the database executes it as part of the command, allowing the attacker to read or change the database in ways they should not be able to.


    This article introduces Spring Security, highlighting its role in protecting applications through authentication, authorization, and defense against threats like CSRF, XSS, and SQL Injection.

    Last updated on Dec 30, 2024