Member-only story
Basics of Spring Security in Spring Boot
Spring Security is a powerful framework that provides authentication, authorization, and access control for web applications. In this blog post, we will explore how to use Spring Security to secure a web application with code examples.
2 min readNov 9, 2024
Step 1: Setting up the project
The first step is to set up a Spring Boot project with the necessary dependencies. We will use Spring Boot Starter Web and Spring Security dependencies. To set up the project, create a new Spring Boot project in your IDE of choice and add the following dependencies to your pom.xml file:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>Step 2: Creating a UserDetailsService
The UserDetailsService interface is used to retrieve user details from a database or any other data source. We will create an implementation of this interface to retrieve user details from a database. Here’s an example:
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userRepository.findByUsername(username);
if(user == null) {
throw new UsernameNotFoundException("User not found");
}
return new org.springframework.security.core.userdetails.User(user.getUsername(),
user.getPassword(),
Collections.singleton(new SimpleGrantedAuthority(user.getRole().name())));
}
}Step 3: Configuring Security
To configure Spring Security, we need to create a SecurityConfig class that extends WebSecurityConfigurerAdapter. Here’s an example:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired…
