
Why Spring Security matters in Spring Boot - Challenge Your Understanding

Challenge - 5 Problems
🧠 Conceptual
intermediate
Why use Spring Security in a web application?

Which of the following best explains why Spring Security is important in a web application?

A. It automatically generates user interfaces for all pages without coding.
B. It provides a framework to handle authentication and authorization securely.
C. It speeds up database queries by caching results.
D. It manages the deployment of the application to cloud servers.
💡 Hint

Think about what security means for users accessing a web app.

component_behavior
intermediate
What happens when Spring Security is added to a Spring Boot app?

When you add Spring Security to a Spring Boot application without any extra configuration, what is the default behavior?

A. Only POST requests require authentication, GET requests are open.
B. The application crashes due to missing security settings.
C. All HTTP requests are allowed without restrictions.
D. All HTTP requests require authentication with a generated default user and password.
💡 Hint

Think about what Spring Security does out of the box to protect your app.

state_output
advanced
Spring Security filter chain behavior

Consider this Spring Security filter chain setup:

http
  .authorizeHttpRequests(auth -> auth
    .requestMatchers("/public/**").permitAll()
    .anyRequest().authenticated())
  .formLogin(withDefaults());

What happens when an unauthenticated user tries to access /public/info and /private/data?

A. /public/info is accessible without login; /private/data requires login.
B. Both URLs require login before access.
C. /public/info redirects to login; /private/data is accessible without login.
D. Both URLs are accessible without login.
💡 Hint

Look at which paths are allowed without authentication.

📝 Syntax
advanced
Identify the correct Spring Security configuration snippet

Which of the following code snippets correctly configures Spring Security to disable CSRF protection and allow all requests to /api/** without authentication?

A.
http.csrf().disable()
  .authorizeHttpRequests(auth -> auth
    .requestMatchers("/api/**").permitAll()
    .anyRequest().authenticated());

B.
http.csrf().enable()
  .authorizeHttpRequests(auth -> auth
    .requestMatchers("/api/**").permitAll()
    .anyRequest().authenticated());

C.
http.csrf().disable()
  .authorizeHttpRequests(auth -> auth
    .requestMatchers("/api/**").authenticated()
    .anyRequest().permitAll());

D.
http.csrf().disable()
  .authorizeHttpRequests(auth -> auth
    .requestMatchers("/api/**").denyAll()
    .anyRequest().authenticated());
💡 Hint

Check the method to disable CSRF and the correct order of authorization rules.

🔧 Debug
expert
Why does this Spring Security configuration cause a runtime error?

Given this Spring Security configuration method:

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
  http
    .authorizeHttpRequests(auth -> auth
      .requestMatchers("/admin/**").hasRole("ADMIN")
      .anyRequest().authenticated())
    .formLogin();
  return http.build();
}

When running the app, it throws an error: java.lang.IllegalArgumentException: Role prefix 'ROLE_' is missing. What is the cause?

A. The requestMatchers() method requires a list of URLs, not a string.
B. The SecurityFilterChain bean must be named 'securityFilterChain' exactly.
C. The role name should be prefixed with 'ROLE_' in hasRole method argument.
D. The formLogin() method must be called before authorizeHttpRequests().
💡 Hint

Think about how Spring Security expects role names internally.