Spring Bootframework~30 mins

Spring Security auto-configuration in Spring Boot - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Spring Security Auto-Configuration Setup

📖 Scenario: You are building a simple web application using Spring Boot. You want to secure your application with minimal setup by using Spring Security's auto-configuration feature.This will help you protect your web pages with a default login form and basic security settings without writing much code.

🎯 Goal: Set up Spring Security auto-configuration in a Spring Boot project to enable default security features.You will create the main application class, add a configuration property to customize security behavior, and verify the default security is applied.

📋 What You'll Learn

Create a Spring Boot main application class with @SpringBootApplication

Add a configuration property to disable CSRF protection

Use Spring Security auto-configuration without custom security classes

Add a simple REST controller to test security

💡 Why This Matters

🌍 Real World

Spring Security auto-configuration is commonly used to quickly secure web applications with sensible defaults, saving time and effort.

💼 Career

Understanding Spring Security auto-configuration is essential for Java developers working on secure web applications using Spring Boot.

Progress0 / 4 steps

Create the Spring Boot main application class

Create a class called SecurityAutoConfigApplication in package com.example.security with the @SpringBootApplication annotation and a main method that runs SpringApplication.run(SecurityAutoConfigApplication.class, args).

Spring Boot

package com.example.security;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class SecurityAutoConfigApplication {
    // Your code here
}

Need a hint?

Use @SpringBootApplication on the class and add a main method that calls SpringApplication.run.

Add a configuration property to disable CSRF

In src/main/resources/application.properties, add the line spring.security.enable-csrf=false to disable CSRF protection in Spring Security auto-configuration.

Spring Boot

package com.example.security;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class SecurityAutoConfigApplication {
    public static void main(String[] args) {
        SpringApplication.run(SecurityAutoConfigApplication.class, args);
    }
}

# Add the property spring.security.enable-csrf=false in application.properties

Need a hint?

Open application.properties and add spring.security.enable-csrf=false exactly.

Add a simple REST controller

Create a class called HelloController in package com.example.security with @RestController. Add a method hello() mapped to /hello that returns the string "Hello, secured world!".

Spring Boot

package com.example.security;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Your code here

Need a hint?

Use @RestController on the class and @GetMapping("/hello") on the method returning the exact string.

Run the application with Spring Security auto-configuration

Ensure no custom security configuration classes exist. Run the application and verify that Spring Security auto-configuration applies default security with a login form and that CSRF is disabled as configured.

Spring Boot

// No custom security classes should be added
// Run the application and test security behavior
// Your code here

Need a hint?

Do not add any security config classes. Run and check the default login page appears and CSRF is disabled.