
Spring Boot Security Auto-Configuration

Spring Boot Security auto-configuration simplifies the process of securing Spring Boot applications by providing default security configurations. It automates many common security tasks, such as setting up authentication and authorization, and it handles common security vulnerabilities, allowing developers to focus on the application logic rather than on boilerplate security configuration.

Spring Boot Security auto-configuration is built on Spring Security, a powerful authentication and access control framework that provides security features out of the box. It automatically configures the security settings based on the dependencies present in the Spring Boot project. For instance, if Spring Security is detected on the classpath, Spring Boot automatically applies sensible default security configurations.

Key Terminologies:

Working with Spring Security

Add the Spring Boot Security Dependency

<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>

By default, Spring Boot Security auto-configuration secures all the endpoints of the application. Try accessing any endpoint in the application: you are prompted to log in with the default username and password.

Project Implementation of Spring Boot Security Auto-Configuration

Below are the steps to implement Security Auto-Configuration in Spring Boot.

Step 1: We will create a Spring Boot project using the Spring STS IDE, adding the dependencies mentioned below to the project.

Dependencies:

Once the project is created, the file structure looks like the image below.


Folder Structure


Step 2: Open the application.properties file and add the code below to configure the Spring Security user credentials for the project.

spring.application.name=spring-security-configuration

# Server port
server.port=8080

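# Spring Security default user credentials: these replace the auto-configured user
# ("user" with a random password logged at startup). admin/admin is a demo value.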
spring.security.user.name=admin
spring.security.user.password=admin


Step 3: Create a new Java package named config and, in that package, create a new Java class named WebSecurity.

Go to src > main > java > springsecurityconfiguration > config > WebSecurity and put the code below.

package org.example.springsecurityconfiguration.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;


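// Note: Spring Security 6 (pulled in by Spring Boot 3.2.4) no longer has
// WebSecurityConfigurerAdapter, and nothing calls a configure(HttpSecurity)
// method on a plain @Configuration class. The rules below are therefore never
// applied; the auto-configured defaults (every endpoint requires login) stay
// in effect, which matches the sign-in prompt shown for GET / in Step 6.
@Configuration
public class WebSecurity {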
    @Deprecated
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .requestMatchers("/").permitAll() // Allow access to home page
                .anyRequest().authenticated() // Authenticate all other requests
                .and()
                .formLogin().permitAll(); // Enable form login
    }
}
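
The `configure(HttpSecurity)` override above belongs to `WebSecurityConfigurerAdapter`, which Spring Security 6 removed; with Spring Boot 3.2.4 the same rules only take effect when they are registered as a `SecurityFilterChain` bean. The class below is an added example, not the article's code: it keeps the article's package, class name and rules, and once it is active `/` is served without a login, unlike the sign-in prompt shown in Step 6.

```java
package org.example.springsecurityconfiguration.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class WebSecurity {

    // Declaring a SecurityFilterChain bean makes Spring Boot's default chain
    // back off, so these rules replace "authenticate everything".
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/").permitAll()   // home page is public
                .anyRequest().authenticated())      // everything else needs a login
            .formLogin(form -> form.permitAll());   // generated login page, reachable by anyone
        return http.build();
    }
}
```

The user from `spring.security.user.name` and `spring.security.user.password` is still the one that logs in, because no `UserDetailsService` bean is defined here.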


Step 4: Create a new Java package named controller and, in that package, create a new Java class named HomeController.

Go to src > main > java > springsecurityconfiguration > controller > HomeController and put the code below.

package org.example.springsecurityconfiguration.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HomeController {
    @GetMapping("/")
    public String home() {
        return "Welcome to the secure area!";
    }
}


Step 5: Now open the main class file and write the below code.

package org.example.springsecurityconfiguration;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class SpringSecurityConfigurationApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringSecurityConfigurationApplication.class, args);
    }

}


pom.xml:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>3.2.4</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>org.example</groupId>
    <artifactId>spring-security-configuration</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>spring-security-configuration</name>
    <description>spring-security-configuration</description>
    <properties>
        <java.version>17</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <configuration>
                    <excludes>
                        <exclude>
                            <groupId>org.projectlombok</groupId>
                            <artifactId>lombok</artifactId>
                        </exclude>
                    </excludes>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>


Step 6: Once the project is complete, run it as a Spring application; it starts on port 8080. Refer to the output image below for a better understanding.

Log File Output


Output:

GET http://localhost:8080/

Sign in Dashboard


Once we log in with the credentials, the output below is shown.


Output in Browser


By following the above steps, we can demonstrate Spring Boot Security auto-configuration in a Spring application.

Conclusion

Spring Boot Security auto-configuration simplifies the process of securing Spring Boot applications by providing default security configurations. It automates many common security tasks such as authentication, authorization and protection against common security vulnerabilities.
