LEARN SPRING BOOT ONLINE

Spring Security Basic Authentication

spring security

Overview Of Basic Auth Using Spring Security

Basic authentication is a simple and widely used authentication mechanism in web applications. It involves sending a username and password with each request, typically as part of the HTTP headers. The server then verifies these credentials against a user database or authentication provider.

In Spring Security, basic authentication can be implemented using the BasicAuthenticationFilter. This filter intercepts incoming requests, extracts the username and password from the HTTP headers, and authenticates the user against a configured authentication manager.

Add Dependency

You need to add the Spring Security dependency to your pom.xml or build.gradle file:

For Maven:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

For Gradle:

implementation 'org.springframework.boot:spring-boot-starter-security'

Implementation

Here’s a brief overview of how to implement basic authentication in a Spring Security-enabled Spring Boot application:

  1. Add Spring Security Dependency: Make sure you have Spring Security included in your project’s dependencies.
  2. Configure Security: Configure Spring Security to enable basic authentication. This typically involves creating a security configuration class that extends WebSecurityConfigurerAdapter and overriding the configure(HttpSecurity http) method to specify security rules.
  3. Provide User Details: Define user details (username, password, roles) either in-memory, using JDBC, or by implementing a custom UserDetailsService.
  4. Access Control: Optionally, configure access control rules to restrict access to certain endpoints based on user roles or authorities.

Here’s a simplified example of how to implement basic authentication in a Spring Boot application:

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Define user details (in-memory for simplicity)
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
            .withUser("user")
            .password("{noop}password") // {noop} indicates plain text password
            .roles("USER");
    }

    // Configure security rules
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/public/**").permitAll() // Allow public access
            .anyRequest().authenticated()
            .and()
            .httpBasic(); // Enable basic authentication
    }
}

In this example:

  • We’ve created a basic security configuration class SecurityConfig that extends WebSecurityConfigurerAdapter.
  • In the configure(AuthenticationManagerBuilder auth) method, we define a single user with username “user”, password “password”, and role “USER”. This is an in-memory user for demonstration purposes.
  • In the configure(HttpSecurity http) method, we configure security rules. We permit access to URLs starting with “/public/” for all users and require authentication for all other URLs. We also enable basic authentication using .httpBasic().
  • {noop} is used to indicate that the password is stored in plain text. This is not recommended for production; consider using password encoding techniques like BCryptPasswordEncoder.

With this configuration, any HTTP request to your application will require basic authentication with the provided username and password.

Conclusion

In summary, implementing basic authentication in a Spring Boot application involves several key steps. First, you need to include the spring-boot-starter-security dependency in your project configuration file (either pom.xml for Maven or build.gradle for Gradle). Then, you configure security settings by extending WebSecurityConfigurerAdapter and overriding methods to define user details and access control rules. Once configured, your Spring Boot application will be able to authenticate users using basic authentication, ensuring secure access to your endpoints. This approach provides a straightforward yet effective method for securing your application’s resources.

Explore our diverse collection of blogs covering a wide range of topics here.

Useful Links

Address

4232 Farnum Road, New York, New York(NY), 10029

Telephone: 212-289-5109

Mobile: 917-216-4839

Copyright © 2024 Learn Spring Boot Online