SecurityFilterChain In Spring Security Mock Test

Question 1: SPRING SECURITY - SecurityFilterChain Definition

What is the primary purpose of SecurityFilterChain in Spring Security?

Question 2: SPRING SECURITY - Multiple SecurityFilterChains

In an application with multiple SecurityFilterChain beans, how does Spring decide which one applies?

Question 3: SPRING SECURITY - Code Snippet (Multiple Chains)

What is the effect of the following configuration?

@Bean
SecurityFilterChain adminChain(HttpSecurity http) throws Exception {
    return http
        .securityMatcher("/admin/**")
        .authorizeHttpRequests()
        .anyRequest().hasRole("ADMIN")
        .and().build();
}

@Bean
SecurityFilterChain userChain(HttpSecurity http) throws Exception {
    return http
        .securityMatcher("/user/**")
        .authorizeHttpRequests()
        .anyRequest().authenticated()
        .and().build();
}

Question 4: SPRING SECURITY - Default SecurityFilterChain

What happens if no custom SecurityFilterChain bean is defined in a Spring Boot app?

Question 5: SPRING SECURITY - Code Snippet (SecurityMatcher)

What is the purpose of securityMatcher("/api/**") in a filter chain?

@Bean
SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
    return http
        .securityMatcher("/api/**")
        .authorizeHttpRequests()
        .anyRequest().authenticated()
        .and().build();
}

Question 6: SPRING SECURITY - Filter Order

How is the execution order of filters inside a SecurityFilterChain determined?

Question 7: SPRING SECURITY - Code Snippet (PermitAll vs Authenticated)

What is the outcome of this chain configuration?

@Bean
SecurityFilterChain chain(HttpSecurity http) throws Exception {
    return http
        .authorizeHttpRequests()
        .requestMatchers("/public/**").permitAll()
        .anyRequest().authenticated()
        .and().build();
}

Question 8: SPRING SECURITY - Multiple Chains Ordering

How can you control the evaluation order of multiple SecurityFilterChain beans?

Question 9: SPRING SECURITY - Interaction with FilterChainProxy

How does SecurityFilterChain relate to FilterChainProxy internally?

Question 10: SPRING SECURITY - Stateless SecurityFilterChain

What does the following configuration imply?

@Bean
SecurityFilterChain statelessChain(HttpSecurity http) throws Exception {
    return http
        .securityMatcher("/api/**")
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .authorizeHttpRequests()
        .anyRequest().authenticated()
        .and().build();
}