Here is an example of spring boot basic authentication using spring security. Security most important feature while working application especially for the web application. The application does not allow to access all information for all user based on user ROLEs allowed to information to complete those requirement spring security is a very useful module of spring. While developing REST API using spring boot basic authentication will be too much important. Here is the complete example of spring boot basic authentication.

At following places, basic authentication plays an important role.

  • Develop Rest API
  • Internal communication will spring boot application
  • Require to pass authentication information in header at every require
  • Stateless application development

pom.xml

To work with spring security following spring boot dependency is requires. Here is complete pom also available.

<dependency>
    <groupId>org.springframework.boot</groupId>  <!--starter require for spring boot spring security-->
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>spring-boot-example</groupId>
    <artifactId>spring-boot-basic-authentication</artifactId>
    <version>1.0-SNAPSHOT</version>
    <description>spring boot basic authentication</description>
    <!-- Inherit defaults from Spring Boot -->
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.5.4.RELEASE</version>
    </parent>
    <properties>
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
    </properties>
    <dependencies>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>  <!--starter require for spring boot spring security-->
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
    </dependencies>

    <!-- Package as an executable jar -->
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>

SecurityConfiguration

Here users are created in memory. It can be overridden by UserDetailsService if required getting user details from the database. This configuration will automatically enable spring security. By default, spring security will enable for URLs.

package com.javadeveloperzone;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;

/**
 * Created by JavaDeveloperZone on 04-08-2017.
 */
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{

    @Autowired      // here is configuration related to spring boot basic authentication
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("zone").password("mypassword").roles("USER")
            .and()
            .withUser("zone2").password("mypassword").roles("USER");// those are user name and password
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .httpBasic() // it indicate basic authentication is requires
        .and()
        .authorizeRequests()
        .antMatchers( "/index").permitAll() // /index will be accessible directly no need of any authentication
        .anyRequest().authenticated(); // it's indicate all request will be secure

        http.csrf().disable();

   }
}

SpringBootConfig

Its startup class to start spring boot application.

package com.javadeveloperzone;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.ComponentScan;

/**
 * Created by JavaDeveloperZone on 19-07-2017.
 */

@SpringBootApplication
@ComponentScan // Using a root package also allows the @ComponentScan annotation to be used without needing to specify a basePackage attribute
public class SpringBootConfig {
    public static void main(String[] args) throws Exception {
        SpringApplication.run(SpringBootConfig.class, args);            // it wil start application
    }
}

SpringBootExampleController

This controller can only be accessible if a user is authenticated. If user tries to access page first spring security ask for basic authentication and current user details it will be allowed to access information from it.

package com.javadeveloperzone.controller;


import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * Created by Java Developer Zone on 19-07-2017.
 */
@RestController
public class SpringBootExampleController {

    @RequestMapping("/")
    public String SpringBootHello() {
        return "You are authorise to access this page, You passed spring boot basic authentication successfully..";
    }
    @RequestMapping("/index") 
    public String index() 
    { 
       return "This is public page"; 
    }
}

Demo

Now run your application and try to access location:8080. It will ask for entering username and password.
spring boot basic authentication - demo

spring boot basic authentication – demo

If authentication failed than it will return 404 status code. Its indicate Unauthorized access.
spring boot basic invalid authentication

spring boot basic invalid authentication

If authentication success than it will allow accessing information
spring boot basic authentication success

spring boot basic authentication success

 

References:

Spring Boot Security Documentation

 

Was this post helpful?
Let us know, if you liked the post. Only in this way, we can improve us.
Yes
No

Leave a Reply

Your email address will not be published. Required fields are marked *