Spring Security Interview Questions

Top 46 Spring Security Interview Questions And Answers Pdf

1. What do you mean by Dependency Injection ?

Answer:

In Dependency Injection, you do not have to create your objects but have to describe how they should be created. You don’t connect your components and services together in the code directly, but describe which services are needed by which components in the configuration file. The IoC container will wire them up together.

Top 46 Spring Security Interview Questions And Answers Pdf

2. What is Dispatcher Servlet and Context Loader Listener ?

Answer:

DispatcherServlet is the front controller in the Spring MVC application and it loads the spring bean configuration file and initialize all the beans that are configured. If annotations are enabled, it also scans the packages and configure any bean annotated with @Component, @Controller, @Repository or @Service annotations.

ContextLoaderListener is the listener to start up and shut down Spring’s root WebApplicationContext. It’s important functions are to tie up the lifecycle of ApplicationContext to the lifecycle of the ServletContext and to automate the creation of ApplicationContext. We can use it to define shared beans that can be used across different spring contexts.

3. What is View Resolver in Spring ?

Answer:

ViewResolver implementations are used to resolve the view pages by name. Usually we configure it in the spring bean configuration file.

For example:

InternalResourceViewResolver is one of the implementation of ViewResolver interface and we are providing the view pages directory and suffix location through the bean properties. So if a controller handler method returns “home”, view resolver will use view page located at /WEB-INF/views/home.jsp.

4. How many types of IOC containers are there in spring ?

Answer:

BeanFactory: BeanFactory is like a factory class that contains a collection of beans. It instantiates the bean whenever asked for by clients.
ApplicationContext: The ApplicationContext interface is built on top of the BeanFactory interface. It provides some extra functionality on top BeanFactory.

5. Explain the AOP module ?

Answer:

The AOP module is used for developing aspects for our Spring-enabled application. Much of the support has been provided by the AOP Alliance in order to ensure the interoperability between Spring and other AOP frameworks. This module also introduces metadata programming to Spring.

6. List some of the benefits of IoC ?

Answer:

Some of the benefits of IoC are:

It will minimize the amount of code in your application.
It will make your application easy to test because it doesn’t require any singletons or JNDI lookup mechanisms in your unit test cases.
It promotes loose coupling with minimal effort and least intrusive mechanism.
It supports eager instantiation and lazy loading of the services.

7. In how many ways can Dependency Injection be done ?

Answer:
In general, dependency injection can be done in three ways, namely :

Constructor Injection
Setter Injection
Interface Injection
In Spring Framework, only constructor and setter injections are used.

8. What is the role of the @Required annotation ?

Answer:

The @Required annotation is used on setter methods, and it indicates that the bean property that has this annotation must be populated at configuration time. Otherwise, the Spring container will throw a BeanInitializationException exception.

Also, @Required differs from @Autowired – as it is limited to a setter, whereas @Autowired is not. @Autowired can be used to wire with a constructor and a field as well, while @Required only checks if the property is set.

Let’s see an example:

public class Person
private String name;

@Required
public void setName(String name)
this.name = name;
Now, the name of the Person bean needs to be set in XML config like this:

Top 46 Spring Security Interview Questions And Answers Pdf

9. Can we have multiple Spring configuration files in one project ?

Answer:

Yes, in large projects, having multiple Spring configurations is recommended to increase maintainability and modularity.

You can load multiple Java-based configuration files:

@Configuration
@Import({MainConfig.class, SchedulerConfig.class})
public class AppConfig {
Or load one XML file that will contain all other configs:

ApplicationContext context = new ClassPathXmlApplicationContext(“spring-all.xml”);
And inside this XML file you’ll have:

10. What is Spring Boot ?

Answer:

Spring Boot is a project that provides a pre-configured set of frameworks to reduce boilerplate configuration so that you can have a Spring application up and running with the smallest amount of code.

11. Explain Spring Beans ?

Answer:

They are the objects that form the backbone of the user’s application.
Beans are managed by the Spring IoC container.
They are instantiated, configured, wired and managed by a Spring IoC container
Beans are created with the configuration metadata that the users supply to the container.Bean generation.

12. What is Spring IoC Container ?

Answer:

Inversion of Control (IoC) is the mechanism to achieve loose-coupling between Objects dependencies. To achieve loose coupling and dynamic binding of the objects at runtime, the objects define their dependencies that are being injected by other assembler objects. Spring IoC container is the program that injects dependencies into an object and make it ready for our use.

Spring Framework IoC container classes are part of org.springframework.beans and org.springframework.context packages and provides us different ways to decouple the object dependencies.

Some of the useful ApplicationContext implementations that we use are;

AnnotationConfigApplicationContext: For standalone java applications using annotations based configuration.
ClassPathXmlApplicationContext: For standalone java applications using XML based configuration.
FileSystemXmlApplicationContext: Similar to ClassPathXmlApplicationContext except that the xml configuration file can be loaded from anywhere in the file system.
AnnotationConfigWebApplicationContext and XmlWebApplicationContext for web applications.

13. How many bean scopes are supported by Spring ?

Answer:

The Spring Framework supports five scopes. They are:

Singleton: This provides scope for the bean definition to single instance per Spring IoC container.
Prototype: This provides scope for a single bean definition to have any number of object instances.
Request: This provides scope for a bean definition to an HTTP-request.
Session: This provides scope for a bean definition to an HTTP-session.
Global-session: This provides scope for a bean definition to an Global HTTP-session.
The last three are available only if the users use a web-aware ApplicationContext.

14. What are the limitations with auto wiring ?

Answer:

Following are some of the limitations you might face with auto wiring:

Overriding possibility: You can always specify dependencies using and settings which will override autowiring.
Primitive data type: Simple properties such as primitives, Strings and Classes can’t be autowired.
Confusing nature: Always prefer using explicit wiring because autowiring is less precise.

15. What are the different types of Advices ?

Answer:

Before: These types of advices execute before the joinpoint methods and are configured using @Before annotation mark.
After returning: These types of advices execute after the joinpoint methods completes executing normally and are configured using @AfterReturning annotation mark.
After throwing: These types of advices execute only if joinpoint method exits by throwing an exception and are configured using @AfterThrowing annotation mark.
After (finally): These types of advices execute after a joinpoint method, regardless of the method’s exit whether normally or exceptional return and are configured using @After annotation mark.
Around: These types of advices execute before and after a joinpoint and are configured using @Around annotation mark.

16. Point out the difference between concern and cross-cutting concern in Spring AOP ?

Answer:

The concern is the behavior we want to have in a particular module of an application. It can be defined as a functionality we want to implement.

The cross-cutting concern is a concern which is applicable throughout the application. This affects the entire application. For example, logging, security and data transfer are the concerns needed in almost every module of an application, thus they are the cross-cutting concerns.

Top 46 Spring Security Interview Questions And Answers Pdf

17. What are the difference between Spring AOP and AspectJ AOP ?

Answer:

Spring AOP vs AspectJ AOP
Spring AOP AspectJ AOP
Runtime weaving through proxy is done Compile time weaving through AspectJ Java tools is done
It supports only method level PointCut It suports field level Pointcuts
It is DTD based It is schema based and Annotation configuration

18. What do you mean by Spring MVC framework ?

Answer:

The Spring web MVC framework provides model-view-controller architecture and ready to use components that are used to develop flexible and loosely coupled web applications. The MVC pattern helps in separating the different aspects of the application like input logic, business logic and UI logic, while providing a loose coupling between all these elements.

19. What are the advantages of spring framework ?

Answer:

Predefined Templates
Loose Coupling
Easy to test
Lightweight
Fast Development
Powerful Abstraction
Declarative support

20. What are the different bean scopes in spring ?

Answer:

There are 5 bean scopes in spring framework.

No. Scope Description
1) singleton The bean instance will be only once and same instance will be returned by the IOC container. It is the default scope.
2) prototype The bean instance will be created each time when requested.
3) request The bean instance will be created per HTTP request.
4) session The bean instance will be created per HTTP session.
5) globalsession The bean instance will be created per HTTP global session. It can be used in portlet context only.

21. What are the advantages of JdbcTemplate in spring ?

Answer:

Less code: By using the JdbcTemplate class, you don’t need to create connection,statement,start transaction,commit transaction and close connection to execute different queries. You can execute the query directly.

22. What are the AOP terminology ?

Answer:

AOP terminologies or concepts are as follows:

JoinPoint
Advice
Pointcut
Aspect
Introduction
Target Object
Interceptor
AOP Proxy
Weaving

23. What are the types of advice in AOP ?

Answer:

There are 5 types of advices in spring AOP.

Before Advice
After Advice
After Returning Advice
Throws Advice
Around Advice

24. What is the front controller class of Spring MVC ?

Answer:

The DispatcherServlet class works as the front controller in Spring MVC.

Top 46 Spring Security Interview Questions And Answers Pdf

25. What does the ViewResolver class ?

Answer:

The View Resolver class resolves the view component to be invoked for the request. It defines prefix and suffix properties to resolve the view component.26. Explain the Core Container (Application context) module ?Answer:
This is the basic Spring module, which provides the fundamental functionality of the Spring framework. BeanFactory is the heart of any spring-based application. Spring framework was built on the top of this module, which makes the Spring container.

27. What are main features of Spring frameworks ?

Answer:

Lightweight:

spring is lightweight when it comes to size and transparency. The basic version of spring framework is around 1MB. And the processing overhead is also very negligible.
Inversion of control (IOC):
The basic concept of the Dependency Injection or Inversion of Control is that, programmer do not need to create the objects, instead just describe how it should be created.
Aspect oriented (AOP):

Spring supports Aspect oriented programming .
Aspect oriented programming refers to the programming paradigm which isolates secondary or supporting functions from the main program’s business logic. AOP is a promising technology for separating crosscutting concerns, something usually hard to do in object-oriented programming. The application’s modularity is increased in that way and its maintenance becomes significantly easier.
Container:
Spring contains and manages the life cycle and configuration of application objects.
MVC Framework:
Spring comes with MVC web application framework, built on core Spring functionality. This framework is highly configurable via strategy interfaces, and accommodates multiple view technologies like JSP, Velocity, Tiles, iText, and POI.
Transaction Management:
Spring framework provides a generic abstraction layer for transaction management. This allowing the developer to add the pluggable transaction managers, and making it easy to demarcate transactions without dealing with low-level issues.
JDBC Exception Handling:
The JDBC abstraction layer of the Spring offers a meaningful exception hierarchy, which simplifies the error handling strategy. Integration with Hibernate, JDO, and iBATIS: Spring provides best Integration services with Hibernate, JDO and iBATIS.

28. What are the different ORM’s supported by Spring ?

Answer:

Different ORM’s supported by Spring are depicted via the below diagram.

29. What does a Spring application look like ?

Answer:

An interface that defines the functions.
The implementation that contains properties, its setter and getter methods, functions etc.,
Spring AOP
The Spring configuration XML file.
Client program that uses the function

30. Are Singleton beans thread safe in Spring Framework ?

Answer:

No, singleton beans are not thread-safe in Spring framework.

31. What are inner beans in Spring ?

Answer:

When a bean is only used as a property of another bean it can be declared as an inner bean. Spring’s XML-based configuration metadata provides the use of element inside the or elements of a bean definition, in order to define the so-called inner bean. Inner beans are always anonymous and they are always scoped as prototypes.

32. Are there limitations with auto wiring ?

Answer:

Limitations of autowiring are:

Overriding: You can still specify dependencies using and settings which will always override autowiring.
Primitive data types: You cannot autowire simple properties such as primitives, Strings, and Classes.
Confusing nature: Autowiring is less exact than explicit wiring, so if possible prefer using explicit wiring.

Top 46 Spring Security Interview Questions And Answers Pdf

33. Join point ?

Answer:

The join point represents a point in an application where we can plug-in an AOP aspect. It is the actual place in the application where an action will be taken using Spring AOP framework.

34. What is the role of IOC container in spring ?

Answer:

IOC container is responsible to:

create the instance
configure the instance, and
assemble the dependencies.

35. Bean Factory – Bean Factory implementation example ?

Answer:

A BeanFactory is an implementation of the factory pattern that applies Inversion of Control to separate the application’s configuration and dependencies from the actual application code.

36. Which View Resolver class is widely used ?

Answer:

The org.springframework.web.servlet.view.InternalResourceViewResolver class is widely used.

37. What is the difference between constructor injection and setter injection ?

Answer:

No. Constructor Injection Setter Injection
1) No Partial Injection Partial Injection
2) Desn’t override the setter property Overrides the constructor property if both are defined.
3) Creates new instance if any modification occurs Doesn’t create new instance if you change the property value
4) Better for too many properties Better for few properties.

38. What is autowiring in spring? What are the autowiring modes ?

Answer:

Autowiring enables the programmer to inject the bean automatically. We don’t need to write explicit injection logic.

39. What are the AOP implementation ?

Answer:

There are 3 AOP implementation.

Spring AOP
Apache AspectJ
JBoss AOP

40. Does spring perform weaving at compile time ?

Answer:

No, spring framework performs weaving at run time.

Top 46 Spring Security Interview Questions And Answers Pdf

41. Does spring framework support all JoinPoints ?

Answer:

No, spring framework supports method execution join point only.

42. What are the advantages of spring AOP ?

Answer:

AOP enables you to dynamically add or remove concern before or after the business logic. It is pluggable and easy to maintain.

43. What do you mean by Proxy in Spring Framework ?

Answer:

An object which is created after applying advice to a target object is known as a Proxy. In case of client objects the target object and the proxy object are the same.

44. What are the modules of spring framework ?

Answer:

Test
Spring Core Container
AOP, Aspects and Instrumentation
Data Access/Integration
Web

45. Explain Web Application Context ?

Answer:

The WebApplicationContext is an extension of the plain ApplicationContext. It has some extra features that are necessary for web applications. It differs from a normal ApplicationContext in terms of its capability of resolving themes and in deciding which servlet it is associated with.46. What are the transaction management supports provided by spring ?Answer:
Spring framework provides two type of transaction management supports:

Programmatic Transaction Management: should be used for few transaction operations.
Declarative Transaction Management: should be used for many transaction operations.