The Spring Security framework secures your software through authentication and authorization.

This framework is also extremely flexible.

And set the roles and authorities of specific user types.


Adding Spring Security to Your Application

There are two ways to add Spring Security to your application.

If you selected one of the Gradle project options, then the dependencies file is build.gradle.

However, if you chose Maven, then that file is pom.xml.

Spring Security login page

Simply run your program, then navigate to Spring Boot's home page (or any page in your program).

Entering the default username and password will direct you to the appropriate view in your software.

Customizing Spring Security

To customize your program's security, you'll need to override Spring Security's default configuration.

Lombok will help to reduce the code in your object classes.

Using a database means configuring the applications.properties file under the resources folder.

You'll need to update this data to match your database name and credentials.

You'll also need to know what the security for each page looks like.

Our sample program has 6 views:

The only view that will require user authorization is the user page.

This page is only accessible to users that first register, then sign in to the app.

In addition to Spring Boot's default package, you'll need to create four other packages in your program.

The Registration Controller Class

The controller package will contain the classes that handle HTTP requests.

The @RequestMapping annotation specifies the type of request that this controller will handle (requests to localhost:8080/register).

After a visitor clicks the register button, the @PostMapping annotation comes into play.

But before it stores this data, the processRegistration() method encodes the user's password using Spring's PasswordEncoder interface.

The main thing that these configuration classes require is the @Configuration annotation.

The @Configuration annotation indicates that the class above is a configuration class.

The first bean in the SecurityConfiguration class is the passwordEncoder bean.

The RegistrationController class uses the passwordEncoder bean to encode new passwords before saving them to the database.

Another important bean that you'll need to add to the SecurityConfiguration class is the userDetailsService bean.

The userDetailsService bean employs Spring Security's UserDetailsService interface to retrieve a user's username and password for authentication during a customer's login session.

Through the UserRepository, the userDetailsService bean gains access to all the existing customers in the database.

If the returned object is a customer, then this customer gains access to the app.

Otherwise, the page will automatically refresh, allowing the user to enter valid credentials.

This interface works with Spring Security's HttpSecurity class to create a filter chain for specific HTTP requests.

The filter chain allows unauthenticated access to all other URLs in the software.

The filterChain bean also utilizes the formLogin() and logout() methods of the HttpSecurity class object.

These methods allow you to automatically direct a user to specific pages after they perform a task.

Finally, the filterChain bean builds and returns the filter chain, which allows authorized users to access the app.

All three beans in the SecurityConfiguration class work together to secure your application.

However, the filterChain bean plays the more significant role of dictating the authorization level for each HTTP request.
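
The three beans described above, sketched as an added example (not the original article's code). It assumes Spring Security 6, BCrypt as the encoder, a customer entity that implements UserDetails, a findByUsername repository method, and the /user and /login paths, none of which are given on the page.

```java
import java.util.Optional;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

// Stand-in for the page's UserRepository (assumed shape): the stored customer
// type is assumed to implement UserDetails. In the real app this would be a
// Spring Data repository.
interface UserRepository {
    Optional<? extends UserDetails> findByUsername(String username);
}

@Configuration
public class SecurityConfiguration {

    // Used by the registration controller before saving and by the login
    // check. BCrypt is an assumption; the page names only PasswordEncoder.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Looks the customer up by username; an unknown name fails authentication.
    @Bean
    public UserDetailsService userDetailsService(UserRepository userRepository) {
        return username -> userRepository.findByUsername(username)
                .orElseThrow(() -> new UsernameNotFoundException("No such customer"));
    }

    // Only the user page needs a signed-in customer; every other URL is public,
    // so any endpoint added later is unauthenticated unless it is listed here.
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/user").authenticated()   // assumed path
                        .anyRequest().permitAll())
                .formLogin(form -> form.loginPage("/login")         // assumed path
                        .defaultSuccessUrl("/user"))
                .logout(logout -> logout.logoutSuccessUrl("/"))
                .build();
    }
}
```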

Access control is one of the most important aspects of any application.