Spring Security Options

Intro to Spring Security

Once you have written your Spring Boot application and it is time to deploy it to a cloud host such as AWS, Google Cloud Platform or Heroku and make it available to others, you need to think about how to secure it, so that you can be sure it is not breached or used in an incorrect way. That is where Spring Security comes into play. It has all the necessary configuration to secure your app and offers many ways to do that. The basic options for implementing Spring Security are:
  1. Basic Authentication through Form
  2. In-Memory Authentication
  3. JDBC Authentication
  4. Custom Service Authentication (JPA)
  5. JWT Authentication

Getting Started

Below we show basic authentication using an HTML form as an example in Spring Security. To secure your Spring Boot application, you need to add the Spring Security Maven dependency:
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-security</artifactId>
            </dependency>
        
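Let’s assume that you have a controller that uses the Thymeleaf templating engine to render your app's home page, like this:
            import org.springframework.stereotype.Controller;
            import org.springframework.web.bind.annotation.GetMapping;

            @Controller
            public class HomeController {

                // Maps GET "/" to the Thymeleaf template named "home" (home.html)
                @GetMapping("/")
                public String getHomePage() {
                    return "home";
                }
            }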

        

This is a simple controller that returns the “home.html” page when the “/” path of your server is opened. After adding the dependency specified above, restart your app and you will see that the application is now secured: it shows a login form before allowing access to the “/” path.

But what are the credentials for logging in? By default, Spring Security uses "User" as the login, and the hashed password is logged to the console after you start the app.

You can just copy it and paste it into the “Password” field. Voilà, you now have a secured Spring Boot app. Of course, for a production environment this approach is not a good idea, and more thorough configuration will be required. That is what we will cover in the next tutorials.