DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Please enter at least three characters to search
Refcards Trend Reports
Events Video Library
Refcards
Trend Reports

Events

View Events Video Library

Zones

Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

Last call! Secure your stack and shape the future! Help dev teams across the globe navigate their software supply chain security challenges.

Modernize your data layer. Learn how to design cloud-native database architectures to meet the evolving demands of AI and GenAI workloads.

Releasing software shouldn't be stressful or risky. Learn how to leverage progressive delivery techniques to ensure safer deployments.

Avoid machine learning mistakes and boost model performance! Discover key ML patterns, anti-patterns, data strategies, and more.

Related

  • Enterprise RIA With Spring 3, Flex 4 and GraniteDS
  • Java Spring OAuth2 and Basic Auth Support
  • Spring Cloud Stream: A Brief Guide
  • How to Convert XLS to XLSX in Java

Trending

  • How Clojure Shapes Teams and Products
  • Java's Quiet Revolution: Thriving in the Serverless Kubernetes Era
  • Scalability 101: How to Build, Measure, and Improve It
  • Virtual Threads: A Game-Changer for Concurrency
  1. DZone
  2. Software Design and Architecture
  3. Security
  4. Securing Your Applications With Spring Security

Securing Your Applications With Spring Security

Spring Security secures Java apps with authentication, authorization, and protection features, shown in an online banking example.

By 
Arun Pandey user avatar
Arun Pandey
DZone Core CORE ·
Sep. 15, 23 · Tutorial
Likes (4)
Comment
Save
Tweet
Share
12.7K Views

Join the DZone community and get the full member experience.

Join For Free

In today's increasingly digital world, securing your applications has become paramount. As developers, we must ensure that our applications are protected from unauthorized access and malicious attacks. One popular solution for securing Java applications is Spring Security, a comprehensive and customizable framework that provides authentication, authorization, and protection against various security threats.

In this article, we will explore the basics of Spring Security and walk through a real-world example to demonstrate how it can be implemented in your application. By the end of this article, you should have a better understanding of the benefits of using Spring Security and how to utilize its features effectively.

Overview of Spring Security

Spring Security is a powerful and flexible framework designed to protect Java applications. It integrates seamlessly with the Spring ecosystem, providing a wide range of features, including:

  1. Authentication: Verifying the identity of users attempting to access your application.
  2. Authorization: Ensuring that authenticated users have the necessary permissions to access specific resources or perform certain actions.
  3. CSRF protection: Defending your application against Cross-Site Request Forgery (CSRF) attacks.
  4. Session management: Controlling user sessions, including session timeouts and concurrent session limits.

Real-World Example: Secure Online Banking Application

To illustrate the use of Spring Security, let's consider a simple online banking application. This application allows users to view their account balances, transfer money between accounts, and manage their personal information.

Step 1: Set Up Spring Security Dependencies

First, we need to include the necessary dependencies in our project's build file. For a Maven project, add the following to your pom.xml:

Groovy
 
dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-security'
}


Step 2: Configure Spring Security

Next, we need to create a configuration class that extends WebSecurityConfigurerAdapter. This class will define the security rules for our application.

Java
 
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .authorizeRequests()
                .antMatchers("/login", "/register").permitAll()
                .antMatchers("/account/**").hasRole("USER")
                .antMatchers("/transfer/**").hasRole("USER")
                .anyRequest().authenticated()
            .and()
            .formLogin()
                .loginPage("/login")
                .defaultSuccessURL("/dashboard")
            .and()
            .logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/login");
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }
}


In this configuration, we have defined the following rules:

  • All users can access the login and registration pages.
  • Only authenticated users with the "USER" role can access the account and transfer-related pages.
  • All other requests require authentication.
  • Custom login and logout URLs are specified.
  • A password encoder is configured to use BCrypt for hashing user passwords.

Step 3: Implement UserDetailsService

Now, we need to create a custom UserDetailsService implementation that retrieves user details from our data source (e.g., a database).

Java
 
@Service
public class CustomUserDetailsService implements UserDetailsService {

    @Autowired
    private UserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = userRepository.findByUsername(username);
        if (user == null) {
            throw new UsernameNotFoundException("User not found");
        }
        return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), getAuthorities(user));
    }

    private Collection<? extends GrantedAuthority> getAuthorities(User user) {
        return user.getRoles().stream()
            .map(role -> new SimpleGrantedAuthority("ROLE_" + role))
            .collect(Collectors.toList());
    }
}


This implementation queries the UserRepository to find a User entity by its username. If the user is found, it returns a Spring Security UserDetails object with the user's details and authorities (roles).

Conclusion

In this article, we introduced Spring Security and demonstrated its use in a simple online banking application. By leveraging the features provided by Spring Security, developers can effectively secure their applications against unauthorized access and common security threats.

While this example only scratches the surface of what Spring Security has to offer, it serves as a starting point for further exploration. As you continue to work with Spring Security, you will discover more advanced features and customization options that can help you tailor the framework to your specific needs.

Spring Security Java (programming language)

Opinions expressed by DZone contributors are their own.

Related

  • Enterprise RIA With Spring 3, Flex 4 and GraniteDS
  • Java Spring OAuth2 and Basic Auth Support
  • Spring Cloud Stream: A Brief Guide
  • How to Convert XLS to XLSX in Java

Partner Resources

×

Comments
Oops! Something Went Wrong

The likes didn't load as expected. Please refresh the page and try again.

ABOUT US

  • About DZone
  • Support and feedback
  • Community research
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • support@dzone.com

Let's be friends:

Likes
There are no likes...yet! 👀
Be the first to like this post!
It looks like you're not logged in.
Sign in to see who liked this post!