Spring Security is one of the most powerful modules in the Spring ecosystem, designed to provide comprehensive security features for Java applications. From authentication to authorization, CSRF protection to OAuth2, Spring Security handles it all. This MCQ guide will help you gauge your understanding and enhance your knowledge of Spring Security.
Note that each MCQ question is followed by the correct answer and an explanation to help reinforce your knowledge.
1. What does Spring Security primarily offer?
a) Web Design Templates
b) Database Connectivity
c) Authentication and Authorization
d) RESTful Services
Answer:
c) Authentication and Authorization
Explanation:
Spring Security primarily provides comprehensive security features for authentication and authorization in applications.
2. What is the primary responsibility of Spring Security's Authentication mechanism?
a) Enforcing HTTPS
b) Confirming user identity
c) Managing database connections
d) Logging application events
Answer:
b) Confirming user identity
Explanation:
Authentication is the process of confirming the user's identity. It ensures that the user is who they claim to be.
3. Which component in Spring Security holds the information about a user's granted authorities?
a) UserDetails
b) GrantedAuthorities
c) UserRoles
d) Authentication
Answer:
d) Authentication
Explanation:
The Authentication object holds the principal (user) details and its granted authorities.
4. In Spring Security, what is the main difference between authentication and authorization?
a) They both refer to the same process.
b) Authentication is for verifying identity, while authorization determines what an authenticated user can access.
c) Authentication grants access, while authorization verifies identity.
d) Both are filters used to block unauthorized requests.
Answer:
b) Authentication is for verifying identity, while authorization determines what an authenticated user can access.
Explanation:
Authentication confirms user identity, while authorization defines the actions or resources an authenticated user can access.
5. Which filter is central to Spring Security's filter chain?
a) HttpFilter
b) WebSecurityFilter
c) FilterChainProxy
d) SecurityChainFilter
Answer:
c) FilterChainProxy
Explanation:
FilterChainProxy is the core component that manages the security filter chain in Spring Security.
6. Which annotation is used to enable method-level security?
a) @EnableSecurity
b) @EnableMethodSecurity
c) @MethodSecure
d) @SecureMethod
Answer:
b) @EnableMethodSecurity
Explanation:
The @EnableMethodSecurity annotation is used to enable method-level security annotations.
7. Which interface is primarily responsible for loading UserDetails by its username in Spring Security?
a) UserDetailsService
b) UserDetailsLoader
c) UserManager
d) UserProvider
Answer:
a) UserDetailsService
Explanation:
The UserDetailsService interface is designed to load user-specific data by its username.
8. In Spring Security, which class is a principal UserDetails implementation?
a) UserDetail
b) UserPrincipal
c) User
d) AppUser
Answer:
c) User
Explanation:
The User class is a principal implementation of the UserDetails interface provided by Spring Security.
9. Which annotation secures a method and restricts it to specific roles?
a) @RoleSecure
b) @PermitRole
c) @HasRole
d) @PreAuthorize
Answer:
d) @PreAuthorize
Explanation:
The @PreAuthorize annotation is used to secure methods based on role or other access-control expressions.
10. By default, which URL is used for the Spring Security login page?
a) /login
b) /signin
c) /auth
d) /enter
Answer:
a) /login
Explanation:
By default, Spring Security provides a basic login page accessible via the /login URL.
11. What does CSRF stand for in Spring Security?
a) Cross-Site Request Framework
b) Cross-Security Request Forgery
c) Cross-Site Request Forgery
d) Cross-Server Request Form
Answer:
c) Cross-Site Request Forgery
Explanation:
CSRF stands for Cross-Site Request Forgery, a type of attack that tricks users into performing unintended actions.
12. Which filter in Spring Security handles logout functionality?
a) LogoutFilter
b) SessionFilter
c) SignoutFilter
d) ExitFilter
Answer:
a) LogoutFilter
Explanation:
The LogoutFilter provides logout capabilities in Spring Security.
13. In which module is the OAuth2 support provided in Spring Security?
a) Spring OAuth
b) Spring Security OAuth2
c) Spring Auth2
d) Spring OpenAuth
Answer:
b) Spring Security OAuth2
Explanation:
Spring Security provides OAuth2 support through the Spring Security OAuth2 module.
14. Which class represents the currently authenticated user in Spring Security?
a) CurrentUser
b) SecurityUser
c) Authentication
d) AuthenticatedUser
Answer:
c) Authentication
Explanation:
The Authentication class represents the currently authenticated user in Spring Security.
15. What default role prefix does Spring Security use?
a) ROLE_
b) AUTH_
c) USER_
d) SPRING_
Answer:
a) ROLE_
Explanation:
By default, Spring Security uses the ROLE_ prefix for roles.
16. Which of the following is NOT an authentication provider in Spring Security?
a) DaoAuthenticationProvider
b) JwtAuthenticationProvider
c) RememberMeAuthenticationProvider
d) SessionAuthenticationProvider
Answer:
d) SessionAuthenticationProvider
Explanation:
There's no SessionAuthenticationProvider in Spring Security.
17. Which Spring Security filter is responsible for processing user authentication?
a) AuthenticationFilter
b) UserAuthenticationFilter
c) UsernamePasswordAuthenticationFilter
d) UserCredentialsFilter
Answer:
c) UsernamePasswordAuthenticationFilter
Explanation:
The UsernamePasswordAuthenticationFilter processes authentication requests based on username and password.
18. How does Spring Security handle authorization aspects for web requests?
a) Through Filters
b) Using AOP (Aspect-Oriented Programming)
c) By directly modifying application logic
d) Through JDBC
Answer:
a) Through Filters
Explanation:
Spring Security uses a chain of filters to handle the authorization aspects for web requests.
19. Which annotation checks if a user is authenticated before accessing a method?
a) @IsAuthenticated
b) @AuthCheck
c) @Secured
d) @UserCheck
Answer:
c) @Secured
Explanation:
The @Secured annotation ensures that a user is authenticated before accessing the annotated method.
20. Which class in Spring Security is used to hash passwords?
a) PasswordEncoder
b) PasswordHasher
c) HashEncoder
d) SecureEncoder
Answer:
a) PasswordEncoder
Explanation:
The PasswordEncoder interface in Spring Security provides mechanisms to hash passwords.
21. Which of the following is a default filter used for form-based authentication in Spring Security?
a) HttpBasicFilter
b) FormAuthenticationFilter
c) UsernamePasswordAuthenticationFilter
d) FormLoginFilter
Answer:
c) UsernamePasswordAuthenticationFilter
Explanation:
The UsernamePasswordAuthenticationFilter is used for form-based authentication to process the submission of the login form.
22. In Spring Security, which authentication method sends credentials with every HTTP request?
a) Form-based authentication
b) OAuth2 authentication
c) JWT authentication
d) Basic authentication
Answer:
d) Basic authentication
Explanation:
Basic authentication sends the username and password with every HTTP request, encoded in the header.
23. What does the ROLE_ANONYMOUS in Spring Security represent?
a) Authenticated users
b) Users with elevated privileges
c) Non-authenticated users accessing public resources
d) Admin users
Answer:
c) Non-authenticated users accessing public resources
Explanation:
ROLE_ANONYMOUS represents users that have not authenticated but are accessing public or permitted resources.
24. What mechanism does form-based authentication in Spring Security typically use to remember the authenticated user across multiple requests?
a) JWT tokens
b) Session
c) Basic Auth header
d) API keys
Answer:
b) Session
Explanation:
Form-based authentication usually relies on HTTP sessions to remember the authenticated user across requests.
25. Which Spring Security filter is responsible for processing authentication for HTTP Basic Authentication?
a) HttpBasicAuthFilter
b) BasicAuthenticationFilter
c) BasicAuthProcessingFilter
d) HttpBasicProcessingFilter
Answer:
b) BasicAuthenticationFilter
Explanation:
The BasicAuthenticationFilter processes the authentication request for HTTP Basic Authentication.
Comments
Post a Comment
Leave Comment