Here is an example of spring boot basic authentication using spring security. Security most important feature while working application especially for the web application. The application does not allow to access all information for all user based on user ROLEs allowed to information to complete those requirement spring security is a very useful module of spring. While developing REST API using spring boot basic authentication will be too much important. Here is the complete example of spring boot basic authentication.
At following places, basic authentication plays an important role.
- Develop Rest API
- Internal communication will spring boot application
- Require to pass authentication information in header at every require
- Stateless application development
Table of Contents
pom.xml
To work with spring security following spring boot dependency is requires. Here is complete pom also available.
<dependency>
<groupId>org.springframework.boot</groupId> <!--starter require for spring boot spring security-->
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>spring-boot-example</groupId>
<artifactId>spring-boot-basic-authentication</artifactId>
<version>1.0-SNAPSHOT</version>
<description>spring boot basic authentication</description>
<!-- Inherit defaults from Spring Boot -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.4.RELEASE</version>
</parent>
<properties>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId> <!--starter require for spring boot spring security-->
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies>
<!-- Package as an executable jar -->
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>SecurityConfiguration
Here users are created in memory. It can be overridden by UserDetailsService if required getting user details from the database. This configuration will automatically enable spring security. By default, spring security will enable for URLs.
package com.javadeveloperzone;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
/**
* Created by JavaDeveloperZone on 04-08-2017.
*/
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{
@Autowired // here is configuration related to spring boot basic authentication
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("zone").password("mypassword").roles("USER")
.and()
.withUser("zone2").password("mypassword").roles("USER");// those are user name and password
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic() // it indicate basic authentication is requires
.and()
.authorizeRequests()
.antMatchers( "/index").permitAll() // /index will be accessible directly no need of any authentication
.anyRequest().authenticated(); // it's indicate all request will be secure
http.csrf().disable();
}
}
SpringBootConfig
Its startup class to start spring boot application.
package com.javadeveloperzone;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.ComponentScan;
/**
* Created by JavaDeveloperZone on 19-07-2017.
*/
@SpringBootApplication
@ComponentScan // Using a root package also allows the @ComponentScan annotation to be used without needing to specify a basePackage attribute
public class SpringBootConfig {
public static void main(String[] args) throws Exception {
SpringApplication.run(SpringBootConfig.class, args); // it wil start application
}
}
SpringBootExampleController
This controller can only be accessible if a user is authenticated. If user tries to access page first spring security ask for basic authentication and current user details it will be allowed to access information from it.
package com.javadeveloperzone.controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
* Created by Java Developer Zone on 19-07-2017.
*/
@RestController
public class SpringBootExampleController {
@RequestMapping("/")
public String SpringBootHello() {
return "You are authorise to access this page, You passed spring boot basic authentication successfully..";
}
@RequestMapping("/index")
public String index()
{
return "This is public page";
}
}
Demo
Now run your application and try to access location:8080. It will ask for entering username and password.
spring boot basic authentication – demo
spring boot basic invalid authentication
If authentication success than it will allow accessing information
spring boot basic authentication success
References:
Spring Boot Security Documentation
Was this post helpful?
Let us know if you liked the post. That’s the only way we can improve.
