In modern day, security threats are constantly evolving. So application security becomes an extremely important thing in such challenging times.
Spring security is here to help. It is a very efficient, powerful framework to provide authentication and authorization for all kinds of application.
It overcomes all the problems that come during the creation of non spring security applications and manage new server environment for the application.
So the app security framework is something like allowing/Blockign access to URL’s for logged in user’s. It is job of the spring security filter to do these stuff.
The below diagram shows the basic flow for a spring security app.
What Spring Security can do?
1)UserName/PWD auth.
2)SSO/LDAP.
3)App Level Auth.
4)OAuth 2.0 Support.
5)Microservice Security.
6)Method Security.
Kindly add the below maven dependency in pom.xml.
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<version>2.3.3.RELEASE</version>
</dependency>
Spring Security Default Behaviour:
1)Adds mandatory authentication for URL’s.
2)Adds Default Login form. You can access it
http://localhost:8080/spring_sec_project/login.html
3)Handles login error.
4)Creates a user and a default password.
In application.properties, we can override the default user and password. Something like this.
spring.security.user.name = foo
spring.security.user.pwd = foo
In the next article let’s deep dive into the core components and fucntionalities of Spring security like Authentication and Authorization.