Spring Security Concepts: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 33: Line 33:


Appropriate in the situation when there is a small, static set of users, which can be defined as part of the [[#SecurityConfiguration|security configuration]].
Appropriate in the situation when there is a small, static set of users, which can be defined as part of the [[#SecurityConfiguration|security configuration]].
{{InternalIn-Memory User Store Example|In-Memory User Store Example}}
{{Internal|In-Memory User Store Example|In-Memory User Store Example}}


==JDBC-Based User Store==
==JDBC-Based User Store==

Revision as of 21:48, 21 October 2018

Internal

Spring Boot and Security

Spring Security is enabled by the following Spring Boot starter dependency:

dependencies {

    implementation('org.springframework.boot:spring-boot-starter-security')
}

Spring Boot autoconfiguration will detect that Spring Security artifacts are in the class path and for a web application, basic security will be enabled:

  • All HTTP request paths require authentication.
  • No specific roles or authorities are required.
  • There is only one user, with the user name of user. The password is generated and displayed in the boot logs:
Using generated security password: a18ff68c-bdc1-4990-933e-6bdf896e2b72

Security Configuration

Security can be configured

User Store

The user store can be configured overriding the configure(AuthenticationManagerBuilder) method defined in WebSecurityConfigurerAdapter.

In-Memory User Store

Appropriate in the situation when there is a small, static set of users, which can be defined as part of the security configuration.

In-Memory User Store Example

JDBC-Based User Store

LDAP-Backed User Store

Custom User Detail Service

User

Group

Group ID

Group Name

Authority

Cryptography Support

Security API