Security Config
With the security starter on the classpath, we automatically get basic authentication.
<!-- Dependency list for the demo. No <version> elements appear here; presumably versions are
     managed by a Spring Boot parent POM or BOM that this page does not show (confirm). -->
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Development-time tooling only. runtime scope plus optional=true keep it from being
     passed on to modules that depend on this one; verify it is absent from production artifacts. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<!-- Adding this starter is what switches on Spring Security: once it is on the classpath,
     all endpoints are secured by default until a configuration class says otherwise. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- Test-scoped helpers for exercising secured endpoints; not part of the runtime classpath. -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
Security Config Adapter
/**
* Auth Security Configuration
*
* If you add Spring Security to your classpath (pom.xml),
* by default all endpoints will be secured.
*
* You can configure Spring Security to permit access to the index page
* while requiring authentication for the RESTful API endpoints.
*/
package com.example;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.*;
/**
 * Access rules for the demo application.
 *
 * <p>The landing page ("/" and "/index") is public; every other URL requires an
 * authenticated user, who may log in through the generated login form or with
 * HTTP Basic credentials.
 *
 * <p>Note: {@code WebSecurityConfigurerAdapter} is deprecated as of Spring Security 5.7
 * and removed in 6.0, so this class only compiles against older releases.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Declares which requests are public and which login mechanisms are offered.
     *
     * @param http the builder Spring Security passes in for this application's filter chain
     * @throws Exception propagated from the underlying configurers
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Rules are evaluated in declaration order and the first match wins, so the
        // permitAll() entries must stay ahead of the anyRequest() catch-all.
        // Patterns are matched relative to the context path (/myapp is not part of them).
        http.authorizeRequests()
            .antMatchers("/", "/index").permitAll()
            .anyRequest().authenticated();

        // Browser users get the default generated login page.
        http.formLogin();

        // HTTP Basic sends the credentials (Base64-encoded, not encrypted) with every
        // request, so it should only be reachable over TLS.
        http.httpBasic();

        // CSRF protection is not touched here and therefore stays at the framework
        // default (enabled); that is why logout has to be submitted as a POST form.
    }
}
Web Mvc Config
/**
* WebMvcConfigurer
*
* WebMvcConfigurer is used to configure view controllers
* that return HTML pages.
*
* The addViewControllers() method is used to register view controllers
* that map specific URLs to view names.
*
* In general, using @GetMapping annotations in your controller
* is the more common and flexible approach, but defining view controllers
* can be a useful tool in certain situations.
*/
package com.example;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
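/**
 * Maps plain URLs to Thymeleaf view names without needing a controller class.
 *
 * <p>View controllers carry no access control of their own. Whether a mapped URL
 * needs a login is decided solely by the Spring Security configuration; on this page
 * that is {@code SecurityConfig}, which leaves "/index" public and requires
 * authentication for everything else, including "/user".
 */
@Configuration
public class MvcConfig implements WebMvcConfigurer {

    /**
     * Registers the "/index" and "/user" URLs so they render the views of the same name.
     *
     * @param registry the registry Spring MVC supplies for declaring view controllers
     */
    @Override // lets the compiler verify this really implements the WebMvcConfigurer callback
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/index").setViewName("index");
        registry.addViewController("/user").setViewName("user");
    }
}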
Properties
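Avoid storing the raw password; bcrypt it with the Spring CLI. The `{bcrypt}` prefix tells Spring Security which encoder produced the stored hash. A hash of a guessable password can still be cracked offline, so treat this file as sensitive. src/resources/application.properties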
# Credentials of the single default user that Spring Boot's security auto-configuration creates.
spring.security.user.name=myuser
# The {bcrypt} prefix is the encoder id: it marks the rest of the value as a bcrypt hash
# rather than a plain-text password. This is the tutorial's sample hash - generate your own
# and keep the real value out of version control.
spring.security.user.password={bcrypt}$2a$10$2wRXv3x28CiFAq966H93PeAvaRHKMF.ItkMC.CsPBdYTZ2xLO2sLy
# Serve the whole application under the /myapp context path.
# URL patterns in the security configuration are relative to this path.
server.servlet.context-path=/myapp
Templates
<!--/* Public landing page; appears to be the "index" view registered in MvcConfig.
       NOTE(review): the href below hard-codes the /myapp context path; th:href="@{/user}"
       would follow server.servlet.context-path if it ever changes. */-->
<pre>
Welcome!
<a href='/myapp/user'>User page</a> (needs login)
</pre>
<br>
<!--/* Rendered only when remoteUser is non-null, i.e. the request is already authenticated.
       The form POSTs to a context-relative /logout. With th:action, Thymeleaf's Spring
       integration is expected to add the CSRF token field when CSRF protection is enabled. */-->
<form th:if="${#httpServletRequest.remoteUser != null}" th:action="@{/logout}" method="post">
<input type="submit" value="Sign Out">
</form>
<!--/* Page for logged-in users; appears to be the "user" view registered in MvcConfig.
       [[...]] is Thymeleaf's escaped inline output, so the user name is HTML-escaped
       before it reaches the page. */-->
<h3>Hello [[${#httpServletRequest.remoteUser}]]! </h3>
<!--/* Logout is a POST to a context-relative URL. With th:action, Thymeleaf's Spring
       integration is expected to add the CSRF token field when CSRF protection is enabled. */-->
<form th:action="@{/logout}" method="post">
<input type="submit" value="Sign Out"/>
</form>
<!--/* NOTE(review): hard-coded /myapp prefix; th:href="@{/index}" would track the context path. */-->
<a href='/myapp/index'>Index page</a>
Build and Run
mvn package
mvn spring-boot:run
http://localhost:8080/myapp/
Welcome!
User page (needs login)
http://localhost:8080/myapp/login
Please sign in (default form)
myuser
mypass
Hello myuser!
Sign Out