Here is the ULTIMATE Spring Security Interview Questions List (0–4 Years)
2025 Edition: exactly 80 questions that every company asks (TCS, Infosys, Cognizant, Accenture, Capgemini, Deloitte, Wipro, IBM, Paytm, PhonePe, Goldman Sachs, JPMorgan, Amazon, ALL OF THEM)

| No. | Spring Security Interview Questions (100% Asked in 2025) |
|---|---|
| 1 | What is Spring Security? |
| 2 | Difference between Authentication and Authorization? |
| 3 | What is SecurityContextHolder? |
| 4 | What is Authentication object? |
| 5 | What is GrantedAuthority? |
| 6 | What is the default username and password in Spring Boot 3 + Security? |
| 7 | Where is the default password printed in logs? |
| 8 | How to add basic authentication in Spring Boot 3? (Old vs New way) |
| 9 | What is SecurityFilterChain bean? (Spring Boot 3 new way) |
| 10 | How to disable security completely in Spring Boot 3? |
| 11 | How to secure only some endpoints and keep others public? |
| 12 | What is @PreAuthorize, @PostAuthorize, @Secured? |
| 13 | What is @EnableMethodSecurity in Spring Boot 3? (Old name was @EnableGlobalMethodSecurity) |
| 14 | Difference between hasRole() and hasAuthority()? |
| 15 | What is "ROLE_ADMIN" vs "ADMIN" — explain the prefix |
| 16 | How to use @PreAuthorize("hasRole('ADMIN')")? |
| 17 | What is UserDetailsService? |
| 18 | What is UserDetails? |
| 19 | What is PasswordEncoder? Which one is recommended in 2025? |
| 20 | How to use BCryptPasswordEncoder in Spring Boot 3? |
| 21 | What is JWT? Full form |
| 22 | How to implement JWT authentication in Spring Boot? (Step by step) |
| 23 | What is JwtAuthenticationFilter? |
| 24 | What is OncePerRequestFilter? |
| 25 | What is the JWT secret key? Where to store it? |
| 26 | How to validate JWT token in filter? |
| 27 | What is AuthenticationEntryPoint? |
| 28 | What is AccessDeniedHandler? |
| 29 | How to return custom JSON on 401 and 403? |
| 30 | What is CSRF? Is it enabled by default in Spring Boot 3? |
| 31 | How to disable CSRF for POST APIs? |
| 32 | What is CORS? How to enable CORS in Spring Boot Security? |
| 33 | Difference between @CrossOrigin and WebSecurity CORS configuration |
| 34 | What is OAuth2? |
| 35 | Difference between OAuth2 and JWT |
| 36 | What is OAuth2 Login (Social Login) in Spring Boot? |
| 37 | How to add Google login in Spring Boot 3 in just 10 lines? |
| 38 | What is spring-boot-starter-oauth2-client? |
| 39 | What is spring-boot-starter-oauth2-resource-server? |
| 40 | How to secure APIs with JWT using resource server? |
| 41 | What is @RegisteredOAuth2AuthorizedClient? |
| 42 | What is SecurityContextRepository? |
| 43 | How to make stateless JWT authentication? |
| 44 | What is sessionCreationPolicy? |
| 45 | sessionCreationPolicy(Stateful vs Stateless) |
| 46 | What is HttpSecurity vs WebSecurity? |
| 47 | What is permitAll() vs authenticated()? |
| 48 | What is antMatchers vs mvcMatchers vs regexMatchers? |
| 49 | Which one is deprecated in Spring Boot 3? |
| 50 | What is the new way in Spring Boot 3? (requestMatchers()) |
| 51 | How to configure multiple SecurityFilterChain? |
| 52 | How to secure different APIs with different rules? |
| 53 | What is @AuthenticationPrincipal? |
| 54 | How to get current logged-in user in controller? |
| 55 | How to get current user in service layer? |
| 56 | What is Remember-Me authentication? |
| 57 | What is the difference between formLogin() and httpBasic()? |
| 58 | How to implement custom login page? |
| 59 | How to implement custom login JSON API (not form)? |
| 60 | What is UsernamePasswordAuthenticationFilter? |
| 61 | What is AuthenticationProvider? |
| 62 | What is DaoAuthenticationProvider? |
| 63 | How to implement custom authentication logic? |
| 64 | What is InMemoryUserDetailsManager? |
| 65 | What is JdbcUserDetailsManager? |
| 66 | How to store users in database with Spring Security? |
| 67 | What is the authorities table structure? |
| 68 | What is @WithMockUser? How to use in testing? |
| 69 | What is @WithUserDetails? |
| 70 | How to test secured endpoints with MockMvc? |
| 71 | How to disable security in test profile? |
| 72 | What is spring.security.user.name and password properties? |
| 73 | What is security debug mode? How to enable? |
| 74 | What is the default order of SecurityFilterChain? |
| 75 | How to change order of filters? |
| 76 | What is DelegatingFilterProxy? |
| 77 | What is FilterChainProxy? |
| 78 | What is the new recommended way to configure Security in Spring Boot 3.2+? (Lambda DSL) |
| 79 | How to add custom header like "X-Content-Type-Options: nosniff"? |
| 80 | How to prevent clickjacking? (X-Frame-Options) |