What is Why Spring Security matters in Spring Boot?

Spring Bootframework~5 mins

Why Spring Security matters in Spring Boot

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Introduction

Spring Security helps protect your app from bad users and keeps data safe. It makes sure only the right people can see or change things.

You want to stop strangers from accessing your website or app.

You need to check who is using your app before showing sensitive info.

You want to control what different users can do inside your app.

You want to protect your app from common online attacks.

You want to add login and logout features easily.

Syntax

Spring Boot

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .and()
            .httpBasic();
    }
}

This is a basic setup to require login for all pages.

@EnableWebSecurity turns on security features in your app.

Examples

Requires login for all pages and shows a login form.

Spring Boot

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin();
    }
}

Makes URLs under /public open to everyone, but others need login.

Spring Boot

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/public/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .httpBasic();
    }
}

Sample Program

This Spring Boot app uses Spring Security to require users to log in before accessing any page. It shows a simple login form automatically.

Spring Boot

package com.example.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@SpringBootApplication
public class DemoApplication {
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }
}

@Configuration
@EnableWebSecurity
class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin();
    }
}

OutputSuccess

Important Notes

Spring Security works behind the scenes to protect your app without much setup.

You can customize who can access what by changing the rules in the configuration.

It also helps protect against common attacks like CSRF and session fixation.

Summary

Spring Security keeps your app safe by controlling access.

It is easy to add login and protect pages with simple setup.

You can customize security rules to fit your app's needs.