Basic of Spring Security – Adding Security only with Dependency:
What is Spring Security?
Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications.
Spring Security is a framework that focuses on providing both authentication and authorization to Java applications. Like all Spring projects, the real power of Spring Security is found in how easily it can be extended to meet custom requirements. Reference here.
Today in this article we are going to use a very basic Spring Security without much of code.
We are going to cover 2 Scenario’s in this article,
- We are going to add Spring Security dependency and going to login our application with default credentials
- We are going to customize our own username and password for authentication.
Let us create a basic spring security project,
pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.7</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.javainfinite</groupId>
<artifactId>security</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>security</name>
<description>Spring Security Basic</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>We have created our main class,
package com.javainfinite.security;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class SecurityApplication {
public static void main(String[] args) {
SpringApplication.run(SecurityApplication.class, args);
}
}Now let us create a sample end point which will return a String,
package com.javainfinite.security.controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class SecurityController {
@GetMapping("/security")
public String testSecurity() {
return "This is a message from Spring Security";
}
}
Now let us start our application,
When the application starts up, we can see a default password generated by Spring Security. Now let us access our endpoint,
Default username is user and password copy the code from our springboot start-up console,
Now let us try to implement scenario 2 – Customize username and password
Let us customize our username and password by configuring in application.properties,
Now we can configured our username as javainfinite and password as 12345, now let us restart our application and login with the configured credentials,
Now we can see spring security has not created any default password that is because we have declared the password in application.properties file.
That’s it about basics of spring security in this article. For clarifications kindly post your question in comments section, We will get back to you as soon as we can.
Great day!