Spring Security with Spring Boot – Basic Authentication

In this article, we are going to implement basic spring security in spring boot application . We will first create a simple Spring Boot application after that we will use login password authentication of spring security on our spring boot application.

What is Spring Security?

Spring Security is a framework that provides the feature of authentication and access control. With spring security we easily add a security layer to our application.

Let’s start the coding, first, we are going to create a simple spring boot application and in this application, we just create a controller class.

Spring Boot Application

Let’s create a spring boot application from spring initializer with spring web dependency only.

Now open the spring boot project in IntelliJ or any other ide. Here we are just going to create a controller class with 1 get mapping method. So create a controller class and add following code in the controller class.

Controller

package com.gangforcode.springSecurityBeginner.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class Controller {

    @GetMapping("/hello")
    public String welcome()
    {
        return "welcome to the spring security tutorial";
    }
}

After creating the controller run the spring boot application and visit “localhost:8080/hello” in the browser. Here we are directly accessing the resource because there is no security layer. So anyone can access our resources in this case.

How to secure our microservice with Spring Security ?

Here we are going to see how we can secure our microservice with spring security. Now add the dependency of spring security in your pom.xml file and restart your service

Spring Security Dependency

<dependency>      
<groupId>org.springframework.boot</groupId>     
<artifactId>spring-boot-starter-security</artifactId>  
</dependency>

After adding this dependency, when you re-run the application Spring boot will detect Spring Security on the classpath, and it will automatically auto-configure Spring Security for HTTP Basic Authentication with the default user name “user” and the password will be auto-generated you can check in terminal. We can override the default username and password in spring security and we will do it later after testing the endpoints with spring security’s default username and password.

Now again go to the browser and hit same the URL “localhost:8080/hello” and you will be redirected to a login page.

The login or security is added by Spring Security. Here we have to enter the proper Username and Password. By default, Username will be “user” and the password is auto-generated you can check in the terminal.

Only after entering the proper username and password, you are able to access the resource.

We also update / set the spring security username and password –

How to set Spring security username and password

For setting / overriding username and password we have to set username and password in the application.properties file as given below –

spring.security.user.name = springSecurity
spring.security.user.password= springSecurity

Now we can log in with an updated username and password and access the resource. We can do many more things with spring security, for learning more about spring security you can check spring security tutorials on our website.