Spring Security

  1. 🎯 Purpose This document explains how Spring Security’s authentication flow is custom-configured and used inside the auth-service module of the AdventureTube microservices system, especially for authenticating users via Google ID tokens. 2. 🔐 Authentication Scenario The only point where authentication is explicitly triggered is during POST /auth/issueToken. This endpoint receives a valid Google […]

When writing tests for Spring Security, it’s important to align your test scope with the actual application flow. Here’s how to test your CustomUserDetailService correctly in a Spring Boot microservices setup that communicates with another service via RestTemplate and is wired into the AuthenticationManager. ✅ Why Testing AuthenticationManager Is Better Than Calling loadUserByUsername() Calling authenticationManager.authenticate(…):

This document has been created to answer the question of what is the best way to understand Spring Security and customise configuration on demand.  So we will start with the default configuration first and move to the customisation. 1. Default Spring Security Setup (Basic) Description A minimal setup relying on Spring Boot’s auto-configuration. Ideal for

Let’s compares the default credential authentication process used by Spring Security and the custom credential authentication logic defined in the CustomAuthenticationProvider of the auth-service module. ⚙️ Default Credential Flow (Current Behavior) By default, AdventureTube’s auth-service uses Spring Security’s built-in DaoAuthenticationProvider through this configuration: authenticationManagerBuilder .userDetailsService(userDetailsService) .passwordEncoder(passwordEncoder()); 🔁 Flow Spring injects DaoAuthenticationProvider It uses your CustomUserDetailService