In this example, we will see Spring security authorization example spring boot. In this example, we are not going to use the database.
prerequisites –
- JDK 1.8
- Eclipse
- maven
- postman
Step 1 – open eclipse and create maven project, Don’t forget to check ‘Create a simple project (skip)’click on next.
Step 2 – Fill all details as below and click on finish.
Step 3 – open pom.xml and replace the pom.xml with below code.
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>springsecuritybasic</groupId>
<artifactId>springsecuritybasic</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>springsecuritybasic</name>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.2.RELEASE</version>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- <dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency> -->
</dependencies>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<start-class>com.springsecuritybasic.SpringSecurityBasicExample</start-class>
<java.version>1.8</java.version>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<mainClass>com.springsecuritybasic.SpringSecurityBasicExample</mainClass>
</configuration>
</plugin>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<fork>true</fork>
<executable>C:\Program Files\Java\jdk1.8.0_131\bin\javac.exe</executable>
</configuration>
</plugin>
</plugins>
</build>
</project>
Note – In pom.xml we have defined javac.exe path in configuration tag. You need to change accordingly i.e where you have installed JDK.
Step 4 – Let maven download all necessary jar. Once it is done we will able to see maven dependency folder which contains different jar files. Let’s create a controller class, entity, and main class(also I have added application.properties and defined port number because 8080 is busy with other servers).
Step 5- Define entity class i.e Book.java
package com.springsecuritybasic.entity;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
@Entity
@Table(name = "book")
public class Book {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private int bookId;
@Column(name="book_name")
private String bookName;
@Column(name="auther_name")
private String autherName;
public String getAutherName() {
return autherName;
}
public void setAutherName(String autherName) {
this.autherName = autherName;
}
public int getPrice() {
return price;
}
public void setPrice(int price) {
this.price = price;
}
@Column(name="price")
private int price;
public String getBookName() {
return bookName;
}
public void setBookName(String bookName) {
this.bookName = bookName;
}
public int getBookId() {
return bookId;
}
public void setBookId(int bookId) {
this.bookId = bookId;
}
}
Step 6 – Define controller class.
package com.springsecuritybasic.controller;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import com.springsecuritybasic.entity.Book;
@RestController
@RequestMapping("/book")
public class BookController {
@RequestMapping(value = "/getbook",method = RequestMethod.GET)
@ResponseBody
public Book getBookDetails() {
Book book = new Book();
book.setAutherName("author");
book.setBookId(2);
book.setBookName("alchemist");
book.setPrice(200);
return book;
}
}
Step 7 – Define SpringSecurityBasicExample.java
package com.springsecuritybasic;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.ConfigurableApplicationContext;
@SpringBootApplication
public class SpringSecurityBasicExample {
public static void main(final String[] args) {
final ConfigurableApplicationContext configurableApplicationContext = SpringApplication
.run(SpringSecurityBasicExample.class, args);
}
}
Step 8 – Define application.properties file.
server.port = 9091
Step 9 – Run the main class as a Java application, let deploy the server.
Step 10 – Open the browser and type the Rest URI http://localhost:9091/book/getbook
A pop up will appear which will ask for username and password.
By default, the username is user and password is default security password which you can find on the console(sample been shown below).
Step 11 – Enter the username and password, we will have our response.
We have set those dummy value in the Controller class is coming in response.
This was a very basic spring security example. Some points here need to understand.
- Why we are getting pop up for username and password.
- How we are getting the default security password.
Although we will not go into very depth, we are going to discuss some points here. If you noticed the pom.xml we have added a dependency for the spring security module.
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
This dependency tells spring only authorized user can access defined rest URI. So what will happen if remove this dependency from pom.xml?
Let’s modify the pom.xml(comment security module).
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>springsecuritybasic</groupId>
<artifactId>springsecuritybasic</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>springsecuritybasic</name>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.2.RELEASE</version>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency> -->
<!-- <dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency> -->
</dependencies>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<start-class>com.springsecuritybasic.SpringSecurityBasicExample</start-class>
<java.version>1.8</java.version>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<mainClass>com.springsecuritybasic.SpringSecurityBasicExample</mainClass>
</configuration>
</plugin>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<fork>true</fork>
<executable>C:\Program Files\Java\jdk1.8.0_131\bin\javac.exe</executable>
</configuration>
</plugin>
</plugins>
</build>
</project>
Now save the changes( if you expand Maven dependencies folder security related jar will not be there) and run the application. In the console, we don’t have a default security password.
Now if you hit this URI(http://localhost:9091/book/getbook)from postman or browser, that login page will not come. You can directly access that URI.
That’s all in this example, in a later article we will see Spring Security architecture in details.
