Spring Security Concepts
Internal
Spring Boot and Security
Spring Security is enabled by the following Spring Boot starter dependency:
dependencies {
    implementation('org.springframework.boot:spring-boot-starter-security')
}
Spring Boot autoconfiguration detects that the Spring Security artifacts are on the classpath and, for a web application, enables basic security:
- All HTTP request paths require authentication.
- No specific roles or authorities are required.
- There is only one user, with the user name of user. The password is generated and displayed in the boot logs:
Using generated security password: a18ff68c-bdc1-4990-933e-6bdf896e2b72
Security Configuration
Security can be configured:
- via XML
- via Java-based configuration
User Store
The user store can be configured by overriding the configure(AuthenticationManagerBuilder) method defined in WebSecurityConfigurerAdapter.
In-Memory User Store
An in-memory user store is appropriate when there is a small, static set of users that can be defined as part of the security configuration. It is convenient for testing, but adding, removing or updating users requires the application to be rebuilt and redeployed.