- Spring Boot - Google OAuth2 Sign-In
- Spring Boot - Google Cloud Platform
- Spring Boot - OAuth2 with JWT
- Securing Web Applications
- Spring Boot - Database Handling
- Rest Controller Unit Test
- Spring Boot - Unit Test Cases
- Spring Boot - Twilio
- Spring Boot - Apache Kafka
- Spring Boot - Batch Service
- Spring Boot - Web Socket
- Spring Boot - Hystrix
- Spring Boot - Sending Email
- Spring Boot - Flyway Database
- Tracing Micro Service Logs
- Spring Boot - Creating Docker Image
- Spring Boot - Enabling Swagger2
- Spring Boot - Admin Client
- Spring Boot - Admin Server
- Spring Boot - Actuator
- Spring Cloud Configuration Client
- Spring Cloud Configuration Server
- Zuul Proxy Server and Routing
- Service Registration with Eureka
- Spring Boot - Eureka Server
- Spring Boot - Enabling HTTPS
- Spring Boot - Scheduling
- Spring Boot - Internationalization
- Spring Boot - CORS Support
- Consuming RESTful Web Services
- Spring Boot - Thymeleaf
- Spring Boot - Service Components
- Spring Boot - File Handling
- Spring Boot - Rest Template
- Spring Boot - Tomcat Port Number
- Spring Boot - Servlet Filter
- Spring Boot - Interceptor
- Spring Boot - Exception Handling
- Building RESTful Web Services
- Spring Boot - Logging
- Spring Boot - Application Properties
- Spring Boot - Runners
- Spring Beans & Dependency Injection
- Spring Boot - Code Structure
- Spring Boot - Build Systems
- Spring Boot - Tomcat Deployment
- Spring Boot - Bootstrapping
- Spring Boot - Quick Start
- Spring Boot - Introduction
- Spring Boot - Home
Spring Boot Resources
Selected Reading
- Who is Who
- Computer Glossary
- HR Interview Questions
- Effective Resume Writing
- Questions and Answers
- UPSC IAS Exams Notes
Spring Boot - Securing Web Apppcations
If a Spring Boot Security dependency is added on the classpath, Spring Boot apppcation automatically requires the Basic Authentication for all HTTP Endpoints. The Endpoint “/” and “/home” does not require any authentication. All other Endpoints require authentication.
For adding a Spring Boot Security to your Spring Boot apppcation, we need to add the Spring Boot Starter Security dependency in our build configuration file.
Maven users can add the following dependency in the pom.xml file.
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency>
Gradle users can add the following dependency in the build.gradle file.
compile("org.springframework.boot:spring-boot-starter-security")
Securing a Web apppcation
First, create an unsecure web apppcation by using Thymeleaf templates.
Then, create a home.html file under src/main/resources/templates directory.
<!DOCTYPE html> <html xmlns = "http://www.w3.org/1999/xhtml" xmlns:th = "http://www.thymeleaf.org" xmlns:sec = "http://www.thymeleaf.org/thymeleaf-extras-springsecurity3"> <head> <title>Spring Security Example</title> </head> <body> <h1>Welcome!</h1> <p>Cpck <a th:href = "@{/hello}">here</a> to see a greeting.</p> </body> </html>
The simple view /hello defined in the HTML file by using Thymeleaf templates.
Now, create a hello.html under src/main/resources/templates directory.
<!DOCTYPE html> <html xmlns = "http://www.w3.org/1999/xhtml" xmlns:th = "http://www.thymeleaf.org" xmlns:sec = "http://www.thymeleaf.org/thymeleaf-extras-springsecurity3"> <head> <title>Hello World!</title> </head> <body> <h1>Hello world!</h1> </body> </html>
Now, we need to setup the Spring MVC – View controller for home and hello views.
For this, create a MVC configuration file that extends WebMvcConfigurerAdapter.
package com.tutorialspoint.websecuritydemo; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; @Configuration pubpc class MvcConfig extends WebMvcConfigurerAdapter { @Override pubpc void addViewControllers(ViewControllerRegistry registry) { registry.addViewController("/home").setViewName("home"); registry.addViewController("/").setViewName("home"); registry.addViewController("/hello").setViewName("hello"); registry.addViewController("/login").setViewName("login"); } }
Now, add the Spring Boot Starter security dependency to your build configuration file.
Maven users can add the following dependency in your pom.xml file.
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency>
Gradle users can add the following dependency in the build.gradle file.
compile("org.springframework.boot:spring-boot-starter-security")
Now, create a Web Security Configuration file, that is used to secure your apppcation to access the HTTP Endpoints by using basic authentication.
package com.tutorialspoint.websecuritydemo; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; @Configuration @EnableWebSecurity pubpc class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/", "/home").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .permitAll() .and() .logout() .permitAll(); } @Autowired pubpc void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .withUser("user").password("password").roles("USER"); } }
Now, create a login.html file under the src/main/resources directory to allow the user to access the HTTP Endpoint via login screen.
<!DOCTYPE html> <html xmlns = "http://www.w3.org/1999/xhtml" xmlns:th = "http://www.thymeleaf.org" xmlns:sec = "http://www.thymeleaf.org/thymeleaf-extras-springsecurity3"> <head> <title>Spring Security Example </title> </head> <body> <span th:if = "${param.error}"> Invapd username and password. </span> <span th:if = "${param.logout}"> You have been logged out. </span> <form th:action = "@{/login}" method = "post"> <span> <label> User Name : <input type = "text" name = "username"/> </label> </span> <span> <label> Password: <input type = "password" name = "password"/> </label> </span> <span> <input type = "submit" value = "Sign In"/> </span> </form> </body> </html>
Finally, update the hello.html file – to allow the user to Sign-out from the apppcation and display the current username as shown below −
<!DOCTYPE html> <html xmlns = "http://www.w3.org/1999/xhtml" xmlns:th = "http://www.thymeleaf.org" xmlns:sec = "http://www.thymeleaf.org/thymeleaf-extras-springsecurity3"> <head> <title>Hello World!</title> </head> <body> <h1 th:inpne = "text">Hello [[${#httpServletRequest.remoteUser}]]!</h1> <form th:action = "@{/logout}" method = "post"> <input type = "submit" value = "Sign Out"/> </form> </body> </html>
The code for main Spring Boot apppcation is given below −
package com.tutorialspoint.websecuritydemo; import org.springframework.boot.SpringApppcation; import org.springframework.boot.autoconfigure.SpringBootApppcation; @SpringBootApppcation pubpc class WebsecurityDemoApppcation { pubpc static void main(String[] args) { SpringApppcation.run(WebsecurityDemoApppcation.class, args); } }
The complete code for build configuration file is given below.
Maven – pom.xml
<?xml version = "1.0" encoding = "UTF-8"?> <project xmlns = "http://maven.apache.org/POM/4.0.0" xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation = "http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.tutorialspoint</groupId> <artifactId>websecurity-demo</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>jar</packaging> <name>websecurity-demo</name> <description>Demo project for Spring Boot</description> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>1.5.9.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> <java.version>1.8</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-test</artifactId> <scope>test</scope> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build> </project>
Gradle – build.gradle
buildscript { ext { springBootVersion = 1.5.9.RELEASE } repositories { mavenCentral() } dependencies { classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}") } } apply plugin: java apply plugin: ecppse apply plugin: org.springframework.boot group = com.tutorialspoint version = 0.0.1-SNAPSHOT sourceCompatibipty = 1.8 repositories { mavenCentral() } dependencies { compile( org.springframework.boot:spring-boot-starter-security ) compile( org.springframework.boot:spring-boot-starter-thymeleaf ) compile( org.springframework.boot:spring-boot-starter-web ) testCompile( org.springframework.boot:spring-boot-starter-test ) testCompile( org.springframework.security:spring-security-test ) }
Now, create an executable JAR file, and run the Spring Boot apppcation by using the following Maven or Gradle commands.
Maven users can use the command as given below −
mvn clean install
After “BUILD SUCCESS”, you can find the JAR file under target directory.
Gradle users can use the command as shown −
gradle clean build
After “BUILD SUCCESSFUL”, you can find the JAR file under the build/pbs directory.
Now, run the JAR file by using the command shown below −
java –jar <JARFILE>
Hit the URL http://localhost:8080/ in your web browser. You can see the output as shown.
Advertisements