Spring Boot · framework · ~20 mins

SecurityFilterChain configuration in Spring Boot - Practice Problems & Coding Challenges

Challenge - 5 Problems
component_behavior
intermediate
What is the effect of this SecurityFilterChain configuration?
Consider this Spring Boot SecurityFilterChain bean configuration. What will be the behavior when a user tries to access the "/admin" endpoint without authentication?
Spring Boot
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http
        .authorizeHttpRequests(auth -> auth
            .requestMatchers("/admin").authenticated()
            .anyRequest().permitAll()
        )
        .formLogin();
    return http.build();
}
A. The user is redirected to the home page automatically.
B. The user can access "/admin" without login.
C. The user is redirected to a login page before accessing "/admin".
D. The user receives a 403 Forbidden error immediately.
💡 Hint
Think about what .authenticated() means and what formLogin() does.
📝 Syntax
intermediate
Identify the syntax error in this SecurityFilterChain configuration
Which option correctly fixes the syntax error in this Spring SecurityFilterChain configuration snippet?
Spring Boot
http
  .authorizeHttpRequests(auth -> auth
    .requestMatchers("/user").hasRole("USER")
    .anyRequest().authenticated()
  )
  .formLogin()
  .and()
  .csrf().disable();
A. Remove .and() and chain .csrf().disable() directly after .formLogin().
B. Replace .and() with another .authorizeHttpRequests() call.
C. Add a semicolon after .formLogin() to separate method calls.
D. Change .requestMatchers() to .antMatchers() to fix syntax.
💡 Hint
Check how method chaining works in HttpSecurity configuration.
state_output
advanced
What is the value of 'isCsrfEnabled' after this configuration?
Given this SecurityFilterChain configuration, what is the value of the boolean variable 'isCsrfEnabled' after the filter chain is built?
Spring Boot
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

boolean isCsrfEnabled;

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http
        .csrf(csrf -> csrf.disable())
        .authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
    isCsrfEnabled = http.getConfigurer(org.springframework.security.config.annotation.web.configurers.CsrfConfigurer.class) != null;
    return http.build();
}
A. Throws a NullPointerException
B. null
C. true
D. false
💡 Hint
Disabling CSRF removes its configurer from HttpSecurity.
🔧 Debug
advanced
Why does this SecurityFilterChain configuration cause a runtime error?
This SecurityFilterChain configuration throws an exception at runtime. What is the cause?
Spring Boot
http
  .authorizeHttpRequests(auth -> auth
    .requestMatchers("/api/**").hasAuthority("ADMIN")
    .anyRequest().authenticated()
  )
  .httpBasic()
  .csrf(csrf -> csrf.disable())
  .build();
A. The order of .httpBasic() and .csrf() calls is invalid and causes a runtime error.
B. Calling .build() directly on HttpSecurity causes an error; it should be returned from a bean method.
C. Missing @Bean annotation on the method returning SecurityFilterChain causes the error.
D. Using .requestMatchers() with a pattern requires enabling WebSecurityCustomizer first.
💡 Hint
Check how SecurityFilterChain beans are created and returned.
🧠 Conceptual
expert
Which option best describes the role of SecurityFilterChain in Spring Security?
Select the most accurate description of what a SecurityFilterChain does in a Spring Boot application.
A. It defines a sequence of security filters that process HTTP requests to enforce authentication and authorization rules.
B. It is a database connection pool that manages user credentials securely.
C. It is a UI component that displays login forms and error messages.
D. It is a configuration class that replaces the entire Spring Security framework.
💡 Hint
Think about what filters do in web security.