Spring Security auto-configuration helps you add security to your app quickly without writing lots of setup code.
spring-boot-starter-security dependency in build file @Configuration @EnableWebSecurity public class SecurityConfig { // Optional customizations }
Just adding the spring-boot-starter-security dependency triggers auto-configuration.
You can override defaults by creating your own @Configuration class.
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-security'
}@SpringBootApplication public class MyApp { public static void main(String[] args) { SpringApplication.run(MyApp.class, args); } }
@Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http.authorizeHttpRequests(authz -> authz.anyRequest().authenticated()) .formLogin(); return http.build(); } }
This simple Spring Boot app uses Spring Security auto-configuration. When you run it and visit http://localhost:8080, it will ask for a login because security is enabled by default.
package com.example.demo; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; @SpringBootApplication public class DemoApplication { public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } }
By default, Spring Security creates a user with a generated password printed in the console.
You can customize users and passwords in application.properties or with your own config class.
Auto-configuration saves time but you can always override it for full control.
Adding spring-boot-starter-security enables default security automatically.
It protects all web endpoints with a login page by default.
You can customize or disable auto-configuration by providing your own security setup.