{{announcement.body}}
{{announcement.title}}

Spring Security — Chapter 1

DZone 's Guide to

Spring Security — Chapter 1

In this article, see how to get started using Spring Security to manage authentication and authorization in a Java application.

· Security Zone ·
Free Resource

Spring Security is a framework that provides authentication and authorization to Java applications.

Authentication is used to confirm the identity of a user, and authorization checks the privileges and rights a user has that determine what resources and actions they have access to within an application.

Here, we will write a simple REST Controller, a greeting service that wishes you good morning when you go to localhost:7000/morning. We will see how it functions with and without security dependencies.

We will start by creating a spring boot project with the following dependencies.

XML
 




xxxxxxxxxx
1


 
1
<dependency>
2
    <groupId>org.springframework.boot</groupId>
3
    <artifactId>spring-boot-starter-security</artifactId>
4
</dependency>
5
<dependency>
6
    <groupId>org.springframework.boot</groupId>
7
    <artifactId>spring-boot-starter-web</artifactId>
8
</dependency>



Now, we will create a simple REST controller that says, "Good Morning."

Java
 




xxxxxxxxxx
1


 
1
@RestController
2
public class GreetingsController {
3
 
          
4
    @GetMapping("/morning")
5
    public String getGreetings() {
6
        return "Good Morning";
7
    }
8
}



Let us update the application.properties file

Plain Text
 




xxxxxxxxxx
1


 
1
server.port=7000



You may also like: OAuth 2.0 Beginner's Guide.

Now, if you run the application and go to localhost:7000/morning, you will be presented with a login screen, as shown below:

Default user sign in

Default user sign in

When you run the application, there will be a security password generated in the console. You can copy it and paste it. The default user name is "user", and the password can be copied from the console.

This will take you to page that says "Good Morning".

Now, if you comment out the security dependency and run the application, you will be taken directly to the page that wishes you "Good Morning".

This gives you a feel for Spring Security can help you secure your application. Now, let's override the default security User Name and Password.

One way of doing this is by creating the application.properties file, as shown below:

Properties files
 




xxxxxxxxxx
1


 
1
server.port=7000
2
spring.security.user.name=hello
3
spring.security.user.password=world



Now, you can run the application. Make sure you uncomment the security dependencies in the POM file.

You will be taken to the same login screen as above, and you can enter "hello" as the username and "world" as the password. You will now be greeted with "Good Morning".

Another way of doing this is by using Java code. Let's comment out the last two lines in the application.properties file, as shown below:

Properties files
 




xxxxxxxxxx
1


 
1
server.port=7000
2
#spring.security.user.name=hello
3
#spring.security.user.password=world



Now, let's write some code. This will require you to Autowire a password encoder. I am using the Bcrypt password encoder. When we try to run the application with @Autowire password encoder, we get an error. We should define a bean for the password encoder. You can also use the NoOpPasswordEncoder, which is deprecated. Have a look at the code below:

Java
 




xxxxxxxxxx
1
23


 
1
@EnableWebSecurity
2
public class SecurityConfig  extends WebSecurityConfigurerAdapter {
3
    @Autowired
4
    private PasswordEncoder passwordEncoder;
5
 
          
6
    @Override
7
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
8
        auth.inMemoryAuthentication()
9
                .withUser("user").
10
//                password("user").
11
//                roles("USER");
12
                password(passwordEncoder.encode( "user")).roles("USER");
13
    }
14
    @Bean
15
    public PasswordEncoder passwordEncoder() {
16
        return new BCryptPasswordEncoder();
17
    }
18
//    @Bean
19
//    public PasswordEncoder passwordEncoder() {
20
//        return NoOpPasswordEncoder.getInstance();
21
//    }
22
}
23
 
          



When using the NoOpPasswordEncoder you don't require an encoder for the password.

Now, by running this application, you will be taken to the same login screen where you can enter the username as "user" and the password as "user". You will be greeted with "Good Morning".

You can find the full source code at https://github.com/gudpick/security-demo.

You can find the video tutorial at https://youtu.be/e-9rPnlHWL8.



Further Reading

Topics:
authentication ,java ,jwt ,security ,sprin security ,tutorial

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}