Spring Security Configuration

In this lesson, we'll configure Spring Security to work with our user provisioning filter.

Create Spring Security Configuration

Spring Security configuration is central to managing authentication and authorization in our application.

Let's create a new configuration class:

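    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.Customizer;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.http.SessionCreationPolicy;
    // Package as of Spring Security 6.x
    import org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter;
    import org.springframework.security.web.SecurityFilterChain;

    @Configuration
    public class SecurityConfig {

        @Bean
        public SecurityFilterChain filterChain(
                HttpSecurity http,
                UserProvisioningFilter userProvisioningFilter) throws Exception {
            http
                .authorizeHttpRequests(authorize ->
                    // All requests must be authenticated
                    authorize.anyRequest().authenticated())
                // No CSRF protection: the API is authenticated with bearer tokens
                .csrf(csrf -> csrf.disable())
                // Never create or use an HTTP session
                .sessionManagement(session ->
                    session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                // Validate incoming JWTs with the default settings
                .oauth2ResourceServer(oauth2 ->
                    oauth2.jwt(Customizer.withDefaults()))
                // Provision the user only after the bearer token has been authenticated
                .addFilterAfter(userProvisioningFilter, BearerTokenAuthenticationFilter.class);

            return http.build();
        }
    }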

Configuration Components

The configuration consists of several key parts that work together:

The authorizeHttpRequests() method sets up request authorization, requiring authentication for all incoming requests.

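We disable CSRF protection as it's not typically needed for REST APIs: this API is stateless and authenticates each request with a bearer token in the Authorization header rather than a session cookie, so a browser never attaches the credentials automatically. If the API ever accepts cookie-based authentication, CSRF protection must be enabled again.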

The sessionManagement() configuration sets our application to be stateless, which is standard for REST APIs.

The oauth2ResourceServer() configuration sets up JWT validation using default settings.

Finally, we add our user provisioning filter after the BearerTokenAuthenticationFilter, ensuring authentication happens before user provisioning.
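
The behaviour described above can be pinned down with a MockMvc test. This is an added example, not part of the original lesson; it assumes Spring Boot 3.x with spring-boot-starter-test on the test classpath, an application context that starts in tests (including a JwtDecoder, for example from a configured issuer URI), and a hypothetical path /api/example.

```java
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;

import static org.hamcrest.Matchers.startsWith;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@SpringBootTest
@AutoConfigureMockMvc
class SecurityConfigTest {

    // Hypothetical path (assumption): any URL behaves the same,
    // because anyRequest().authenticated() protects every route.
    private static final String PATH = "/api/example";

    @Autowired
    private MockMvc mockMvc;

    @Test
    void requestWithoutTokenIsRejectedAndCreatesNoSession() throws Exception {
        mockMvc.perform(get(PATH))
                // No bearer token: the resource server answers 401
                .andExpect(status().isUnauthorized())
                .andExpect(header().string("WWW-Authenticate", startsWith("Bearer")))
                // STATELESS: the failed request must not leave an HttpSession behind
                .andExpect(result -> assertNull(result.getRequest().getSession(false)));
    }

    @Test
    void postWithoutCsrfTokenFailsOnAuthenticationNotCsrf() throws Exception {
        // With CSRF disabled, a POST carrying no CSRF token is not rejected
        // for that reason; it fails on the missing bearer token instead.
        mockMvc.perform(post(PATH))
                .andExpect(status().isUnauthorized());
    }
}
```

If either test starts returning 403 or a session appears, the CSRF or session settings in SecurityConfig have drifted from what this lesson configures.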

Summary

  • Created a basic Spring Security configuration file
  • Disabled the CSRF mechanism on our REST API
  • Configured Spring Security to be stateless
  • Configured Spring Security to use the UserProvisioningFilter
© 2026 Devtiro Ltd. All rights reserved