Spring Security, Simplified
Stop fighting the docs. Learn modern Spring Security step-by-step with real-world code and honest, detailed explanations.
This guide is designed for Spring Boot developers, not security academics — and once you finish the core chapters, the official Spring Security docs will finally make sense.
- ✅ Beginner-friendly explanations
- ✅ Based on real Spring Boot projects
- ✅ Focus on why, not just what
Who is this guide for?
Confused by the official docs
You've tried reading them, but FilterChains, matchers, and DSL configs feel overwhelming.
Spring Boot dev, not a security pro
You just want a secure app that works in real life, without memorizing every internal detail.
Learn better with real code
Live demos, working examples, and full source code you can run and tweak locally.
What you'll learn
The first chapters are completely free and give you a solid foundation before we dive into authentication flows, session management, OAuth2, and real-world architectures.
Available now
- 1. Learning curve & expectations
- 2. Core concepts of Spring Security
- 3. Architecture with airport analogy
- 4. Getting started with Spring Boot
- 5. Debugging & logging
- 6. Bypass security (properly)
- 7. H2 Console & CSRF/frame options
- 8. Static resources & PathRequest
Coming soon (Authentication & OAuth2)
- Authentication
  - Form Login: .formLogin, custom .loginPage, .defaultSuccessUrl, success & failure handlers, .withObjectPostProcessor
  - HTTP Basic: .httpBasic, how it works, .authenticationEntryPoint, real-world use cases
  - Logout: .logout, URLs, confirmation page, custom handlers, .deleteCookies, invalidate session, clear authentication
  - Remember Me: .rememberMe, BasicAuthenticationFilter, token-based and persistent remember-me services
- UserDetails & Exercises
  - Configure users via application.properties, InMemoryUserDetailsManager, JdbcUserDetailsManager
  - Spring Data integration for custom user stores
- Authentication internals
  - Authentication & Principal in practice
  - AuthenticationManager and how it plugs into the filter chain
  - Request cache and post-login redirects
  - Session management: real-time suspend & permission changes
- OAuth2 & OIDC
  - Getting started with OAuth2 in Spring Security
  - OAuth2 Resource Server: internal APIs vs external authorization server
  - OAuth2 Login: GitHub, Google, Facebook, Keycloak, and combining with form login
  - OAuth2 Client: obtaining access tokens, calling APIs, Keycloak & Google API integration
Why this guide is different
Built from real pain
Written after debugging real projects, weird 403s, CSRF issues, and filter chain confusion — not just theory.
Visual and analogy-first
Diagrams, metaphors, and step-by-step walkthroughs, so you understand how requests actually flow through the system.
Real stack, not toy apps
Spring Boot first, then (later) Keycloak, Next.js, and even Kubernetes / K3s for realistic scenarios.
Practical recipes
H2 console fix, static assets, OpenAPI docs, debugging 403s — the stuff you actually hit in day-to-day work.
About this project
This guide began as my own notes while learning Spring Security in real projects. I was tired of hunting through scattered internet resources, so I documented the concepts in a way that finally made sense — and that others can benefit from too. Over time, this grew into a personal goal, reflecting my desire to contribute something clear, practical, and helpful to the community.
During this early phase, the bulk of the essential content is available for free. As the guide matures, deeply advanced topics and full demo applications may transition into a paid edition, but the core concepts and main instructional flow will always be accessible.