Spring Boot Security Tutorial | REST & Web

In this Spring Boot Security tutorial I show you how to secure your RESTful endpoints & controllers with spring security.

I first start off by creating a standard Spring Boot project and add a couple of RESTful endpoints via Spring’s @RestController and @RequestMapping annotations. At this stage Spring Security is not on the classpath, so the URLs are all open to HTTP requests.

I then add the spring-boot-starter-security dependency to the classpath via a simple Maven dependency and perform a project update. If Spring Security is on the classpath and there is no bean annotated with @EnableWebSecurity, the web application is automatically secured with basic authentication on all HTTP endpoints. The default username is ‘user’ and a random UUID password is generated each time the application starts; you can see it in the start-up logs. Do not use this in production.

After showing the automatic Spring Security basic authentication on all endpoints, I then create a Java class annotated with @EnableWebSecurity. The class SecurityConfig extends WebSecurityConfigurerAdapter and overrides the configure(HttpSecurity http) method. Overriding this method disables the default Spring Security HTTP configuration and allows us to define our own fine-grained HTTP security on our RESTful endpoints. I specified that endpoints matching the ant path expressions require the defined roles associated with the login credentials.

Within the bean annotated with @EnableWebSecurity, I added and autowired a configureGlobal(AuthenticationManagerBuilder auth) method. This allows you to specify the type of authentication manager (LDAP, in-memory, token based etc). I added two users with different roles and demoed the application returning an HTTP 403 unauthorized when an authenticated but unauthorized user attempted to access a specific endpoint.

I hope you enjoyed this introductory spring security with spring boot example! Give it a go!

Don’t forget to subscribe for more great tech videos :)

Till next time,
Phil

Filmed at Newcastle County Down, Slieve Donard. Mourne Mountains.
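
A configuration of the shape described above, written here as an added example and not taken from the video: the package, URL patterns, usernames and passwords are hypothetical, and httpBasic() is an assumed choice of login mechanism. WebSecurityConfigurerAdapter was deprecated in Spring Security 5.7 and removed in 6.0, so this applies to the older versions the tutorial targets.

```java
package com.example.demo; // hypothetical package name

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Replaces the auto-configured "basic auth on everything" behaviour.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Matchers are evaluated in order; the first match wins,
                // so specific rules go before broad ones.
                .antMatchers("/public/**").permitAll()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .antMatchers("/api/**").hasAnyRole("USER", "ADMIN")
                // Default deny: a new endpoint is closed until a rule opens it.
                .anyRequest().denyAll()
                .and()
            // Assumed login mechanism; credentials travel in the
            // Authorization header, so serve this over TLS only.
            .httpBasic();
    }

    // In-memory store with two users holding different roles (demo only).
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // Store hashes rather than plaintext; Spring Security 5 rejects
        // passwords that carry no encoder.
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        auth.inMemoryAuthentication()
            .passwordEncoder(encoder)
            .withUser("alice").password(encoder.encode("change-me-1")).roles("USER")
            .and()
            .withUser("bob").password(encoder.encode("change-me-2")).roles("ADMIN");
    }
}
```

With this configuration, "alice" authenticating successfully and requesting a path under /admin/ receives 403, while a request with no or bad credentials to a protected path receives 401.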

Comments

You just gained a new subscriber ;), it put me in the right direction as I was so confused on how to implement a simple authentication scheme

bilal-jrsp

Very good, Quick and crisp spring security implementation..

vinuthchandraboraiah

dude such a nice and fast explanation. crisp.. keep doing stuff like this.... :)

deepakarul

A very Nice tutorial for basic understanding of Spring security with REST api

anindya

Awesome! Very clear explanation, this is what I needed

SoyJayP

Philip you are awesome. Keep up the good work.

aawesome

Great Explanation!!! I have a question here, let's say we have many pages which will fall under category of /admin/ url. This will check/intercept on every call to the matching url pattern, correct? If yes, then how is it more beneficial than introducing a Filter which too intercepts the requests on every call to a page?

mohitbhagat

Thank you so much! Your explanation was amazing, at least now I can get started and move on with securing my rest web application! Many thanks:)

amandastacie

Nice explanation Philip. Can you also suggest some sites where I can find more starting tutorials for springboot security?

shivendrakishore

Good! This was well explained and structured and leaves me in the belief the author quite knows what he does... :-)

peterwein

Can you please show how we integrate webservice security and rest service security together? I am totally new to spring boot.

nikilkaranjit

Hi Philip, thank you for your awesome video. Can you make a video on spring boot oauth 2.0 ? That will be very helpful. Cheers!

ningzedai

Hello Philip, thank you for the good tutorial! I have a question, how can I implement a register page and save the data in the database? Thank you so much again.

gibranlara

The explanation was awesome Philip. It will be very helpful if you make a video on how to use jjwt tokens with spring oauth2.

annaright

Great beginner video for Spring Boot Authentication. Would it be possible to do one on AuthenticationManagerBuilder LDAP Example Spring boot? Thank you.

guitarDad

Hello, nice explanation of spring security. But it's not for the REST service. How can I access a private URL with an http request (headers, tokens)? I can't fill in a login form (for example, a mobile http request).

kassymbekoff

6:26 add starter-security dependency
8:55 create a secure config class in the controller package

ruixue

Thanks Philip. This has given me a good understanding of spring boot security. Is there any video for Spring boot, rest, jpa authentication?

harieducation

Thank you. Do you happen to know how to implement CAS authentication with Springboot?

SSchithFoo

Hey Philip, I have a question. I used your example and now I'd like to get rid of the form. I don't want to use any form, actually.
I plan to consume this web service ONLY with an angular2 remote front end or with a REST client like Postman.
When I try to replace .formLogin() by .httpBasic(), it messes up the authorisation system as the web service asks for authentication for both private and public paths. What would you advise me to use?
I've been browsing spring documentation, google and stackoverflow for hours.

Cheers mate
Have a good one

memento