0
0
Spring Bootframework~20 mins

Form-based login configuration in Spring Boot - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
Form Login Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What happens when a user submits the login form with incorrect credentials?
Consider a Spring Boot application configured with form-based login. What is the typical behavior when a user submits the login form with wrong username or password?
AThe user is redirected back to the login page with an error message indicating invalid credentials.
BThe user is redirected to the home page without logging in.
CThe application crashes and shows a server error page.
DThe user is logged in but with limited permissions.
Attempts:
2 left
💡 Hint
Think about how Spring Security handles authentication failures by default.
📝 Syntax
intermediate
2:00remaining
Which configuration snippet correctly enables form-based login in Spring Security?
Choose the correct Java configuration code to enable form-based login in a Spring Boot application using Spring Security.
Ahttp.formLogin().authorizeHttpRequests().anyRequest().authenticated();
Bhttp.authorizeRequests().permitAll().formLogin();
Chttp.authorizeHttpRequests().anyRequest().authenticated().and().formLogin();
Dhttp.formLogin().permitAll().authorizeHttpRequests().anyRequest().authenticated();
Attempts:
2 left
💡 Hint
Remember the order: first define authorization, then enable form login.
state_output
advanced
2:00remaining
What is the value of the 'principal' object after successful form login?
After a user successfully logs in via form-based login, what does the 'principal' object in the SecurityContext typically contain?
ANull because the user is anonymous.
BA plain string with the username only.
CAn exception object indicating login success.
DAn instance of UserDetails representing the authenticated user.
Attempts:
2 left
💡 Hint
Think about what Spring Security stores to represent the logged-in user.
🔧 Debug
advanced
2:00remaining
Why does the custom login page not show after configuring formLogin().loginPage("/my-login")?
You configured form-based login with a custom login page URL '/my-login' but when accessing a protected page, the default login page still appears. What is the most likely cause?
AThe controller for '/my-login' is missing or not mapped correctly.
BThe loginPage() method must be called before authorizeHttpRequests().
CSpring Security does not support custom login pages.
DThe application.properties file disables form login.
Attempts:
2 left
💡 Hint
Check if the URL you set for loginPage() actually serves a page.
🧠 Conceptual
expert
3:00remaining
How does Spring Security handle CSRF protection with form-based login by default?
In a Spring Boot app with form-based login enabled, what is the default behavior of Spring Security regarding CSRF tokens?
ACSRF tokens are automatically added to all forms without developer action.
BCSRF protection is enabled by default and the login form must include the CSRF token to succeed.
CCSRF tokens are only required for GET requests.
DCSRF protection is disabled by default for form-based login.
Attempts:
2 left
💡 Hint
Think about security best practices for form submissions.