What are the Spring Security basics?
Why Interviewers Ask This
This is a classic screening question for Spring Boot roles. Hiring managers ask it early in interviews to gauge your baseline understanding and determine if you can communicate technical concepts clearly.
Answer
Spring Security is a powerful, highly customizable framework for authentication and authorization in Spring applications. Core concepts:

(1) Authentication: verifying identity (who are you?).
(2) Authorization: determining access (what can you do?).

Adding Spring Security: add the spring-boot-starter-security dependency and every endpoint is immediately secured with form-based login. The default user is "user"; its generated password is logged at startup.

SecurityFilterChain (Spring Security 5.7+): the chain below permits anonymous access to /api/public/**, requires the ADMIN role (the authority ROLE_ADMIN) for /api/admin/**, and requires authentication everywhere else. Sessions are stateless because a JWT is presented on every request, and CSRF protection is disabled only for that reason: the token travels in the Authorization header, not in a cookie the browser would attach automatically. With cookie-based or session-based authentication, CSRF protection must stay enabled. The jwtAuthFilter is a custom filter that validates the bearer token and populates the SecurityContext before the username/password filter runs:

    import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.security.web.SecurityFilterChain;
    import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig {

        // Custom filter (a OncePerRequestFilter bean) that validates the bearer token.
        private final JwtAuthFilter jwtAuthFilter;

        public SecurityConfig(JwtAuthFilter jwtAuthFilter) {
            this.jwtAuthFilter = jwtAuthFilter;
        }

        @Bean
        public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
            http
                .authorizeHttpRequests(auth -> auth
                    .requestMatchers("/api/public/**").permitAll()
                    .requestMatchers("/api/admin/**").hasRole("ADMIN")   // matches authority ROLE_ADMIN
                    .anyRequest().authenticated()
                )
                .sessionManagement(s -> s.sessionCreationPolicy(STATELESS))
                .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
                .csrf(csrf -> csrf.disable()); // Disable for REST APIs using JWT
            return http.build();
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder(); // salted, adaptive hash; never store plaintext passwords
        }

        @Bean
        public AuthenticationManager authManager(AuthenticationConfiguration config) throws Exception {
            return config.getAuthenticationManager();
        }
    }

UserDetailsService: implement it to load users from the database. The authorities you return must carry the ROLE_ prefix for hasRole("ADMIN") to match. Spring Security's DaoAuthenticationProvider hides UsernameNotFoundException behind a generic bad-credentials failure by default, so the detailed message below reaches the logs, not the client:

    import java.util.Collection;

    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.stereotype.Service;

    @Service
    public class CustomUserDetailsService implements UserDetailsService {

        // Application entity and Spring Data repository (assumed: findByEmail returns Optional<User>,
        // getPassword() returns the BCrypt hash, getRoles() returns role names such as "ADMIN").
        private final UserRepository userRepository;

        public CustomUserDetailsService(UserRepository userRepository) {
            this.userRepository = userRepository;
        }

        @Override
        public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
            User user = userRepository.findByEmail(email)
                .orElseThrow(() -> new UsernameNotFoundException("User not found: " + email));
            return new org.springframework.security.core.userdetails.User(
                user.getEmail(), user.getPassword(), getAuthorities(user));
        }

        // Map stored role names to ROLE_-prefixed authorities so hasRole("ADMIN") matches.
        private Collection<? extends GrantedAuthority> getAuthorities(User user) {
            return user.getRoles().stream()
                .map(role -> new SimpleGrantedAuthority("ROLE_" + role))
                .toList();
        }
    }
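The configuration above registers a jwtAuthFilter but does not show it. The following is an added example of such a filter, not code from the original page; it assumes Spring Boot 3 (jakarta.servlet), a JwtDecoder bean defined elsewhere (for example NimbusJwtDecoder.withSecretKey(key).build() from spring-security-oauth2-jose), and a "roles" claim holding role names such as "ADMIN". The names JwtAuthFilter, BEARER_PREFIX and toAuthorities are this example's own.

```java
import java.io.IOException;
import java.util.List;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.http.HttpHeaders;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

/**
 * Illustrative bearer-token filter for the SecurityFilterChain shown in the answer
 * (added example, not part of the original page). Nothing in the request is trusted
 * until the JwtDecoder has verified the token's signature and time claims; on any
 * failure the request continues unauthenticated, so anyRequest().authenticated()
 * rejects it with 401 instead of this filter leaking why the token was refused.
 */
@Component
public class JwtAuthFilter extends OncePerRequestFilter {

    private static final String BEARER_PREFIX = "Bearer ";

    // Assumed to be provided as a bean elsewhere; it checks the signature and exp/nbf claims.
    private final JwtDecoder jwtDecoder;

    public JwtAuthFilter(JwtDecoder jwtDecoder) {
        this.jwtDecoder = jwtDecoder;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader(HttpHeaders.AUTHORIZATION);

        // No bearer token: proceed anonymously and let the authorization rules decide.
        if (header == null || !header.startsWith(BEARER_PREFIX)) {
            chain.doFilter(request, response);
            return;
        }

        try {
            Jwt jwt = jwtDecoder.decode(header.substring(BEARER_PREFIX.length()));
            var authentication = UsernamePasswordAuthenticationToken.authenticated(
                jwt.getSubject(), null, toAuthorities(jwt));
            authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            SecurityContextHolder.getContext().setAuthentication(authentication);
        } catch (JwtException e) {
            // Expired, tampered or malformed token: never authenticate; keep the reason server-side.
            SecurityContextHolder.clearContext();
            logger.debug("Rejected bearer token: " + e.getMessage());
        }

        chain.doFilter(request, response);
    }

    // Assumed claim layout: "roles": ["ADMIN", "USER"]. The ROLE_ prefix is what makes
    // hasRole("ADMIN") in the SecurityFilterChain match; a missing claim yields no authorities.
    private static List<GrantedAuthority> toAuthorities(Jwt jwt) {
        List<String> roles = jwt.getClaimAsStringList("roles");
        if (roles == null) {
            return List.of();
        }
        return roles.stream()
            .map(role -> (GrantedAuthority) new SimpleGrantedAuthority("ROLE_" + role))
            .toList();
    }
}
```

Because the chain is stateless, the SecurityContext built here lives only for the current request; every call must present a valid token again, which is the property that justified disabling CSRF protection in the configuration.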
Common Mistake
A common mistake is memorizing definitions without understanding implications. When asked this question, go one level deeper — explain what happens when this concept is misused or ignored.