Elementry Authentication with Spring Security

Basic Authentication with Spring Security

In this article, you will learn how to secure RestApi’s in a Spring Boot application using Spring Security.

Suppose you create some RestApi’s( get all data, post data, getbyId ), but there is no username and password to access these Api’s, anyone can access these API’s easily. For solving this problem, we will implement basic authentication in our spring boot application.

Basic Authentication is a basic way of authentication and easy to implement in our application. There is some other authentication we use such as digest, OAuth(Open Authorization), and oauth2 authentication. Oauth2is the best choice, in this method user logs with username and password it generates the token then the user will forward this token to an authentication server, which will either reject or allow this authentication. There is the timing of the token expires.

Steps to implement Basic Authentication in spring-boot Application

1. To add security to our Spring Boot application, we need to add the security starter maven dependency:

<dependency>

<groupId>org.springframework.boot</groupId>

<artifactId>spring-boot-starter-security</artifactId>

</dependency>

This is called the default security configuration. Previously, we used the separate configuration class for security purpose, but now using this dependency automatically include SecurityAutoConfiguration class.

2. We have to define the username and password in the application.properties file

spring.security.user.name= Your username

spring.security.user.password= Your password

If we don't define defined the password in this property file, then if we go to start the application it automatically generates the default password. We get a password in the console of the editor(eclipse or IntelliJ). Each time the application starts, the password will be different.

It looks like this in the console:

Using default security password: c8be15de-4488-4490-9dc6-fab3f91435c6

3. Suppose we have RestApi URL “/postuser” to post the data. Open postman provide Provide URI http://localhost:8080/postusers, click on a body, and provide required data according to your POJO class. You can also use get mapping too. When you click on Send it returns the Status: 401 Unauthorized.

This status tells us that our security authentication is working properly. Now we again go to postman click on Authentication, select the type of authentication Basic Auth and provide your username and password that you provide previously in the application properties file.

Then clicks on the Send button it returns Status: 201 Created means our data is successfully posted using spring security.

If you are using the default security configuration(without defining username and password in properties) the default username is the user and password you will get from a console. The main disadvantage of default security is every time the default password is changed when you restart the application.

We also disable this security auto-configuration and add our own configuration, we also add flexible configuration with multiple users and roles, here we need to add a configuration class.