Spring Security in Spring Boot app
Spring Security is a powerful framework that provides authentication, authorization, and protection against common attacks in Java applications. Implementing Spring Security in a simple Spring Boot application involves a few key steps, including adding the necessary dependencies, configuring security settings, and defining user roles and access controls.

Steps to Implement Security

1. Add Spring Security Dependency:
- First, include the Spring Security dependency in your `pom.xml` file if you're using Maven.
```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
```
2. Create a Security Configuration Class:
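- Create a class that extends `WebSecurityConfigurerAdapter` to customize security settings. This base class is deprecated since Spring Security 5.7 and removed in 6.0, so this form applies to Spring Boot 2.x projects.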
```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/home").permitAll() // Allow access to home page without authentication
                .anyRequest().authenticated() // Require authentication for all other requests
                .and()
            .formLogin()
                .loginPage("/login") // Specify custom login page
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }
}
```
3. Create a Custom Login Page:
- Create an HTML file named `login.html` in your `src/main/resources/templates` directory to serve as a custom login page.
```html
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <title>Login</title>
</head>
<body>
    <h2>Login</h2>
    <form th:action="@{/login}" method="post">
        <div>
            <label>Username:</label>
            <input type="text" name="username"/>
        </div>
        <div>
            <label>Password:</label>
            <input type="password" name="password"/>
        </div>
        <div>
            <button type="submit">Sign in</button>
        </div>
    </form>
</body>
</html>
```
4. Run the Application:
- After configuring security settings, run your Spring Boot application. The application will require users to log in to access any URLs that aren't explicitly allowed.
Example of a Simple Spring Boot Application with Spring Security
```java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
public class SecurityDemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(SecurityDemoApplication.class, args);
    }
}

@RestController
class HomeController {

    @GetMapping("/")
    public String home() {
        return "Welcome to the home page!";
    }

    @GetMapping("/admin")
    public String admin() {
        return "Welcome to the admin page!";
    }
}
```
Explanation:
- `/`: This endpoint is accessible without authentication as defined in the `SecurityConfig` class.
- `/admin`: This endpoint requires authentication and is protected by Spring Security.
Conclusion
Implementing Spring Security in a Spring Boot application is straightforward and involves adding the necessary dependencies, creating a security configuration, and defining access rules. By following the steps above, you can secure your application effectively.