Internal Working Of Spring Security Mock Test

Question 1: SPRING SECURITY - DelegatingFilterProxy

What role does `DelegatingFilterProxy` play in Spring Security’s internal working?

Question 2: SPRING SECURITY - SecurityFilterChain Execution

In Spring Security, how are multiple filters applied internally?

Question 3: SPRING SECURITY - Code Snippet (HttpSecurity DSL)

What does the following configuration do?

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .antMatchers("/admin/**").hasRole("ADMIN")
        .anyRequest().authenticated();
}

Question 4: SPRING SECURITY - AuthenticationManager

Internally, what is the responsibility of `AuthenticationManager`?

Question 5: SPRING SECURITY - Code Snippet (AuthenticationProvider)

What does the following custom `AuthenticationProvider` do?

@Component
public class CustomAuthProvider implements AuthenticationProvider {
    @Override
    public Authentication authenticate(Authentication authentication) {
        // custom logic
        return new UsernamePasswordAuthenticationToken("user", null, List.of());
    }
    @Override
    public boolean supports(Class<?> auth) {
        return auth.equals(UsernamePasswordAuthenticationToken.class);
    }
}

Question 6: SPRING SECURITY - SecurityContextHolder

What does `SecurityContextHolder` store during the request lifecycle?

Question 7: SPRING SECURITY - Code Snippet (Method Security)

What happens when the following annotation is used?

@PreAuthorize("hasRole('ADMIN')")
public void deleteUser(Long id) { ... }

Question 8: SPRING SECURITY - PasswordEncoder

Why is `PasswordEncoder` crucial in Spring Security’s internal authentication process?

Question 9: SPRING SECURITY - FilterChainProxy

What is the function of `FilterChainProxy` in Spring Security?

Question 10: SPRING SECURITY - AnonymousAuthenticationFilter

What happens if no authentication is found in the `SecurityContext`?