Spring Security Test 1

    Question 1 SPRING SECURITY - DelegatingFilterProxy

    What role does `DelegatingFilterProxy` play in Spring Security’s internal working?

    Question 2 SPRING SECURITY - SecurityFilterChain Definition

    What is the primary purpose of SecurityFilterChain in Spring Security?

    Question 3 SPRING SECURITY - JWT Basics

    What is the primary purpose of a JWT in authentication?

    Question 4 SPRING SECURITY - Role vs Authority

    In Spring Security, what is the key difference between roles and authorities?

    Question 5 SPRING SECURITY - Authentication vs Authorization Exceptions

    Which statement correctly differentiates between AuthenticationException and AccessDeniedException in Spring Security?

    Question 6 SPRING SECURITY - SecurityFilterChain Execution

    In Spring Security, how are multiple filters applied internally?

    Question 7 SPRING SECURITY - Multiple SecurityFilterChains

    In an application with multiple SecurityFilterChain beans, how does Spring decide which one applies?

    Question 8 SPRING SECURITY - Stateless Sessions with JWT

    In a stateless authentication system using JWTs, how is user state managed?

    Question 9 SPRING SECURITY - Method Level Authorization

    What does the following annotation enforce?

    @PreAuthorize("hasRole('ADMIN')")
    public void deleteUser(Long id) { ... }

    Question 10 SPRING SECURITY - Custom AuthenticationEntryPoint

    What is the purpose of implementing AuthenticationEntryPoint in Spring Security?

    Question 11 SPRING SECURITY - Code Snippet (HttpSecurity DSL)

    What does the following configuration do?

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/admin/**").hasRole("ADMIN")
            .anyRequest().authenticated();
    }

    Question 12 SPRING SECURITY - Code Snippet (Multiple Chains)

    What is the effect of the following configuration?

    @Bean
    SecurityFilterChain adminChain(HttpSecurity http) throws Exception {
        return http
            .securityMatcher("/admin/**")
            .authorizeHttpRequests()
            .anyRequest().hasRole("ADMIN")
            .and().build();
    }

    @Bean
    SecurityFilterChain userChain(HttpSecurity http) throws Exception {
        return http
            .securityMatcher("/user/**")
            .authorizeHttpRequests()
            .anyRequest().authenticated()
            .and().build();
    }

    Question 13 SPRING SECURITY - Code Snippet (JWT Validation Filter)

    What is the purpose of the following filter snippet?

    String token = request.getHeader("Authorization").substring(7);
    Claims claims = Jwts.parser()
        .setSigningKey(secretKey)
        .parseClaimsJws(token)
        .getBody();

    Question 14 SPRING SECURITY - Expression-Based Access Control

    Which of the following is true about Spring Security’s expression-based access control?

    Question 15 SPRING SECURITY - Code Snippet (EntryPoint)

    What HTTP status does this custom entry point return for unauthenticated requests?

    @Component
    public class CustomEntryPoint implements AuthenticationEntryPoint {
        @Override
        public void commence(HttpServletRequest request,
                             HttpServletResponse response,
                             AuthenticationException authException) throws IOException {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Access Denied");
        }
    }

    Question 16 SPRING SECURITY - AuthenticationManager

    Internally, what is the responsibility of `AuthenticationManager`?

    Question 17 SPRING SECURITY - Default SecurityFilterChain

    What happens if no custom SecurityFilterChain bean is defined in a Spring Boot app?

    Question 18 SPRING SECURITY - JWT Signature

    Why is a signature part of a JWT important?

    Question 19 SPRING SECURITY - Code Snippet (HttpSecurity Rules)

    What does the following configuration do?

    http
        .authorizeHttpRequests()
        .requestMatchers("/admin/**").hasRole("ADMIN")
        .requestMatchers("/user/**").hasAnyRole("USER", "ADMIN")
        .anyRequest().authenticated();

    Question 20 SPRING SECURITY - AccessDeniedHandler

    In Spring Security, what is the role of AccessDeniedHandler?