By Prasad Bonam | Last updated: 2023-07-09 10:08:53
Spring Security in a Spring Boot application:
Here is an example of how to implement Spring Security in a Spring Boot application:
Add the Spring Security starter dependency to the `pom.xml` file:

```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
```
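Create a configuration class that extends `WebSecurityConfigurerAdapter` and override the necessary methods to customize the security configuration. This base class is deprecated since Spring Security 5.7 and removed in 6.0, so the code applies to Spring Boot 2.x projects:

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
// Required for @Secured on controller methods to be enforced
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Rules are evaluated in order: /public is open to everyone
                .antMatchers("/public").permitAll()
                // Every other request requires an authenticated user
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .and()
            .logout();
    }
}
```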
In this example, the `configure()` method is overridden to define the security rules. The `authorizeRequests()` method specifies which requests should be authorized, and in this case, `/public` is allowed for all users. The `anyRequest().authenticated()` call ensures that any other request requires authentication. The `formLogin()` method configures form-based authentication, and `logout()` enables logout functionality.
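Configure authentication using a `configure()`-style method with `AuthenticationManagerBuilder` in the configuration class:

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        PasswordEncoder passwordEncoder = getPasswordEncoder();
        auth
            .inMemoryAuthentication()
                // Verify logins with the same encoder used to hash the stored password
                .passwordEncoder(passwordEncoder)
                .withUser("user")
                .password(passwordEncoder.encode("password"))
                .roles("USER");
    }

    private PasswordEncoder getPasswordEncoder() {
        // Return the password encoder of your choice (e.g., BCryptPasswordEncoder)
        return new BCryptPasswordEncoder();
    }
}
```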
In this example, the `configureGlobal()` method configures an in-memory user store. You can customize this method to load user details from a database or other external sources.
Create a controller and secure its endpoints:

```java
import org.springframework.security.access.annotation.Secured;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class MyController {

    // Matched by the permitAll() rule in the security configuration
    @GetMapping("/public")
    public String publicEndpoint() {
        return "Public Endpoint";
    }

    // Method-level check: the caller must hold the USER role
    @GetMapping("/secured")
    @Secured("ROLE_USER")
    public String securedEndpoint() {
        return "Secured Endpoint";
    }
}
```
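In this example, the `/public` endpoint is accessible to all users, while the `/secured` endpoint requires the user to have the `ROLE_USER` role. `@Secured` is enforced only when method security is enabled with support for secured annotations; without that, the annotation is ignored and `/secured` is protected only by the `anyRequest().authenticated()` rule.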
This is a basic example to demonstrate the setup of Spring Security in a Spring Boot application. You can customize and extend the configuration based on your specific requirements, such as using a database-backed user store, integrating with OAuth providers, or implementing custom authentication providers.