Spring Boot Security

M๐Ÿ›ก️ What is Spring Boot Security?

Spring Boot Security (part of Spring Security) is like a security guard for your Spring Boot application. It helps protect your app by:

๐Ÿ” Requiring login to access certain pages or APIs.

๐Ÿšซ Blocking unauthorized access.

๐Ÿ”„ Handling authentication (who you are) and authorization (what you're allowed to do).



---

๐Ÿ’ก Why use it?

Imagine you have a blog site:

You want the admin panel to be private.

Only logged-in users should be able to post or edit.

Others can just view posts.


Spring Security makes all that easy without writing everything from scratch.


---

⚙️ How it works (in simple terms):

1. User tries to access a protected page.


2. Spring Security says: “Who are you? Please log in.”


3. Once logged in, it checks: “Are you allowed to see this?”


4. If yes ✅ → access is granted.


5. If no ❌ → access is denied.




---

๐Ÿงช Simple Example

Let’s create a tiny Spring Boot app that:

Has one public page

Has one protected page that needs login



---

1. Add dependency in pom.xml:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>


---

2. Basic security config (Java-based)

Create a class like this:

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/public").permitAll() // No login required
                .anyRequest().authenticated() // Everything else needs login
            )
            .formLogin(); // shows a login form
        return http.build();
    }
}


---

3. Create 2 controllers

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class MyController {

    @GetMapping("/public")
    public String publicPage() {
        return "This page is public!";
    }

    @GetMapping("/private")
    public String privatePage() {
        return "Welcome to the private page! You are logged in.";
    }
}


---

4. Default login

When you run the app, Spring Security gives a default login page.

๐Ÿ“ Default user: user
๐Ÿ”‘ Password: check your console log—it prints it when the app starts.


---

✅ Try it:

Go to: http://localhost:8080/public → You can access without login.

Go to: http://localhost:8080/private → You’ll be asked to log in.



---

๐Ÿ”’ Bonus: Custom User & Password

In application.properties:

spring.security.user.name=admin
spring.security.user.password=secret123


---

๐Ÿ–ผ️ Visual Summary

┌──────────────┐
                │ /public │◄──── No login needed
                └──────────────┘

                ┌──────────────┐
     Login Form │ /private │◄──── Needs login
                └──────────────┘



Comments

Post a Comment

Popular posts from this blog

Post GIS

Image
What is PostGIS? PostGIS is a geospatial extension for the PostgreSQL database. It lets you store, query, and analyze geographic data like maps, locations, routes, and shapes. Why Use PostGIS? Key Features Store Locations: Save things like points (a house), lines (a road), and polygons (a city boundary). Find Nearby: Easily find nearby places (e.g., “find cafes within 5 km”). Distance Calculations: Measure how far things are from each other. Spatial Queries: Ask questions like “does this park overlap with this zone?” Works with GIS Tools: Compatible with tools like QGIS, Leaflet, and OpenLayers. Real-World Examples Uber/Swiggy : Track where users and delivery agents are. Google Maps : Route planning and showing nearby places. Weather Apps : Map areas under different weather conditions. How it Works (Simple View) 1. You install PostGIS in PostgreSQL. 2. You use special data types like geometry and geography. 3. You run queries using spatial functions like: ST_Distance() ST_W...
Read more

What is GIS?

Image
GIS stands for Geographic Information System . It’s a computer-based tool used to collect, store, analyze, and display information connected to locations on Earth. Think of it like Google Maps with superpowers—it not only shows where things are but also tells you what they are, how they relate, and what’s happening around them. Why is GIS Important? GIS helps us answer questions like: Where is the nearest hospital? Which areas are flood-prone? Where to build new roads or schools? It's used in city planning, environmental studies, disaster response, agriculture, and more. How Does GIS Work? GIS uses two main types of data: 1. Spatial Data – tells where something is (like a point, line, or area on a map). 2. Attribute Data – tells what it is (name, population, temperature, etc.). Example : If you have a map of schools: The location is spatial data. The name of the school, number of students is attribute data. GIS Components (The 5 Parts) 1. Hardware – Compu...
Read more

Spring Boot Application Properties and YAML Configuration

In a Spring Boot application, you can configure various settings using either application.properties or application.yml files. These files allow you to specify application-wide settings such as database configurations, server settings, and custom properties. 1. Application Properties The application.properties file uses simple key-value pairs, which is easy to read and widely used in Spring Boot. Example: application.properties server.port=8080 spring.datasource.url=jdbc:mysql://localhost:3306/mydb spring.datasource.username=root spring.datasource.password=rootpassword logging.level.org.springframework.web=DEBUG In this example: server.port sets the server port to 8080. spring.datasource.url, spring.datasource.username, and spring.datasource.password define the database connection properties. logging.level.org.springframework.web sets the log level for web-related components. 2. Application YAML (YAML Configuration) The application.yml file is a more structured configuration format tha...
Read more