Spring Bootframework~30 mins

Why Spring Security matters in Spring Boot - See It in Action

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Why Spring Security Matters

📖 Scenario: You are building a simple web application that needs to protect sensitive pages from unauthorized access. You want to understand why adding security is important and how Spring Security helps with that.

🎯 Goal: Create a basic Spring Boot application with Spring Security configured to protect a web page. You will set up user data, configure security rules, and secure the application so only authenticated users can access the protected page.

📋 What You'll Learn

Create a user data setup with username and password

Add a configuration variable for user roles

Implement Spring Security configuration to protect a URL path

Complete the security setup to require login for the protected page

💡 Why This Matters

🌍 Real World

Web applications often need to protect sensitive pages and data from unauthorized users. Spring Security provides a simple way to add authentication and authorization.

💼 Career

Understanding Spring Security is essential for backend developers working with Java and Spring Boot to build secure applications.

Progress0 / 4 steps

DATA SETUP: Create user details

Create a UserDetails object called user with username "user1", password "password123", and role "USER" using User.withDefaultPasswordEncoder().

Spring Boot

# Create a UserDetails object called user with username "user1", password "password123", and role "USER"
# Your code here

Need a hint?

Use User.withDefaultPasswordEncoder() to create a user with username, password, and roles.

CONFIGURATION: Define user role

Create a String variable called role and set it to "USER" to represent the user role.

Spring Boot

UserDetails user = User.withDefaultPasswordEncoder()
    .username("user1")
    .password("password123")
    .roles("USER")
    .build();

// Create a String variable called role and set it to "USER"
// Your code here

Need a hint?

Just create a String variable named role and assign it the value "USER".

CORE LOGIC: Configure Spring Security to protect URL

Create a SecurityFilterChain bean method called filterChain that configures HTTP security to require authentication for any request and uses form login. Use http.authorizeHttpRequests().anyRequest().authenticated() and http.formLogin().

Spring Boot

UserDetails user = User.withDefaultPasswordEncoder()
    .username("user1")
    .password("password123")
    .roles("USER")
    .build();

String role = "USER";

// Create a SecurityFilterChain bean method called filterChain
// Configure http to require authentication for any request and enable form login
// Your code here

Need a hint?

Use http.authorizeHttpRequests().anyRequest().authenticated() to protect all URLs and http.formLogin() to enable login form.

COMPLETION: Finalize security setup with in-memory user details

Create a UserDetailsService bean method called userDetailsService that returns an InMemoryUserDetailsManager initialized with the user object.

Spring Boot

UserDetails user = User.withDefaultPasswordEncoder()
    .username("user1")
    .password("password123")
    .roles("USER")
    .build();

String role = "USER";

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http.authorizeHttpRequests()
        .anyRequest().authenticated()
        .and()
        .formLogin();
    return http.build();
}

// Create a UserDetailsService bean method called userDetailsService
// Return an InMemoryUserDetailsManager initialized with user
// Your code here

Need a hint?

Return a new InMemoryUserDetailsManager with the user object inside the userDetailsService bean method.