Spring Bootframework~30 mins

HTTP Basic authentication in Spring Boot - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

HTTP Basic authentication

📖 Scenario: You are building a simple Spring Boot web application that needs to protect its endpoints with HTTP Basic authentication. This means users must provide a username and password to access the app.

🎯 Goal: Set up HTTP Basic authentication in a Spring Boot app to secure all endpoints with a username and password.

📋 What You'll Learn

Create a Spring Boot application class

Add a security configuration class to enable HTTP Basic authentication

Configure an in-memory user with username user and password password

Secure all HTTP endpoints so they require authentication

💡 Why This Matters

🌍 Real World

HTTP Basic authentication is a simple way to protect web applications by requiring a username and password. It is often used for internal tools or APIs.

💼 Career

Understanding how to configure HTTP Basic authentication in Spring Boot is important for backend developers to secure applications quickly and effectively.

Progress0 / 4 steps

Create the Spring Boot application class

Create a class called BasicAuthApplication with the @SpringBootApplication annotation and a main method that runs SpringApplication.run(BasicAuthApplication.class, args).

Spring Boot

// Your code here

Need a hint?

This is the main class to start your Spring Boot app. Use @SpringBootApplication and a main method.

Add a security configuration class

Create a class called SecurityConfig annotated with @Configuration and @EnableWebSecurity. Inside, define a SecurityFilterChain bean method called filterChain that takes HttpSecurity http as a parameter.

Spring Boot

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.context.annotation.Bean;

// Your code here

Need a hint?

This class will hold your security setup. Use @Configuration and @EnableWebSecurity. Define a SecurityFilterChain bean method.

Configure HTTP Basic authentication and require authentication for all requests

In the filterChain method, configure http to require authentication for any request and enable HTTP Basic authentication by calling http.authorizeHttpRequests().anyRequest().authenticated() and http.httpBasic(). Then return http.build().

Spring Boot

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class BasicAuthApplication {
    public static void main(String[] args) {
        SpringApplication.run(BasicAuthApplication.class, args);
    }
}

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.context.annotation.Bean;

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Configure HTTP Basic authentication and require authentication for all requests
        // Your code here
    }
}

Need a hint?

Use http.authorizeHttpRequests().anyRequest().authenticated() to require login for all requests and http.httpBasic() to enable HTTP Basic authentication.

Add an in-memory user with username and password

In the SecurityConfig class, add a UserDetailsService bean method called users that returns an InMemoryUserDetailsManager with a user having username user, password password, and role USER. Use User.withDefaultPasswordEncoder() to create the user.

Spring Boot

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class BasicAuthApplication {
    public static void main(String[] args) {
        SpringApplication.run(BasicAuthApplication.class, args);
    }
}

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.context.annotation.Bean;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.core.userdetails.User;

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests().anyRequest().authenticated();
        http.httpBasic();
        return http.build();
    }

    // Your code here
}

Need a hint?

Create a UserDetailsService bean that returns an InMemoryUserDetailsManager with a user named user and password password. Use User.withDefaultPasswordEncoder() to build the user.