Spring Boot Security:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().authenticated()
.and().httpBasic();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("venkat").password("password").roles("USER");
}
configure() - it configures basic http authentication which shows windows alert box with User name and password field in it to the user to collect the user credentials. And it send it as (Authorization: Basic) format through HTTP header to the server. Only "/" is allowed to be accessed without authentication (.antMatchers("/").permitAll()). All other urls are required authentication (.anyRequest().authenticated())
configureGlobal()- It authenticates the user id/pwd received through Request Header(Header attribute name = Authorization) against the values given in the code. User ID=venkat; password=password.
If it matches it allows the user to access the url.
HTTP Form Authentication (default login form provided by Spring Security):
Follow the above steps. Just replace the configure method with the below code:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().authenticated()
.and().formLogin();
}
HTTP Form Authentication (your own login form):
Follow the steps as in HTTP Basic authentication and replace the configure method with below code:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().authenticated()
.and().formLogin().loginPage("login.html").loginProcessingUrl("/login").permitAll()
.and().logout();
}
Add a HTML page login.html with the following conditions:
HTML page should have a Form element with POST method and submit to '/login'.(default URI).
Form should have text box with name as 'username' and another text box with name as 'password' and of course one submit button.
Logout is very simple. Just add a hyperlink with href as '/logout'. Spring security will invalidate the HttpSession and logout the user.
HTTP Basic Authentication: It's nothing but you need user id and password to access any web page in the application. Spring security will provide windows security form to capture the user id and password from the user.
Steps to follow:
pom.xml:
add dependency for artifact - spring-boot-starter-security
write a new class - WebSecurityConfig exending WebSecurityConfigurerAdapter (org.springframework.security.config.annotation.web.configuration).
Add annotations ( @Configuration, @EnableWebSecurity(debug=true) at class level.
Debug=true is very important to get log information on the http requests/responses sent/received to/from the server.
Debug=true is very important to get log information on the http requests/responses sent/received to/from the server.
Add the following methods in the class:
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().authenticated()
.and().httpBasic();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("venkat").password("password").roles("USER");
}
configure() - it configures basic http authentication which shows windows alert box with User name and password field in it to the user to collect the user credentials. And it send it as (Authorization: Basic
configureGlobal()- It authenticates the user id/pwd received through Request Header(Header attribute name = Authorization) against the values given in the code. User ID=venkat; password=password.
If it matches it allows the user to access the url.
HTTP Form Authentication (default login form provided by Spring Security):
Follow the above steps. Just replace the configure method with the below code:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().authenticated()
.and().formLogin();
}
HTTP Form Authentication (your own login form):
Follow the steps as in HTTP Basic authentication and replace the configure method with below code:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().authenticated()
.and().formLogin().loginPage("login.html").loginProcessingUrl("/login").permitAll()
.and().logout();
}
Add a HTML page login.html with the following conditions:
HTML page should have a Form element with POST method and submit to '/login'.(default URI).
Form should have text box with name as 'username' and another text box with name as 'password' and of course one submit button.
Logout is very simple. Just add a hyperlink with href as '/logout'. Spring security will invalidate the HttpSession and logout the user.
