This Spring Boot Security tutorial explains security concepts with examples step by step. In this post, we will explain the spring boot security ( spring-boot-starter-security, spring-boot-starter-security-test dependency ) using spring boot security default login page and using default username and password. These default spring boot security login pages are available in the spring boot framework by default.
This Spring Boot Security tutorial explains security concepts with examples step by step. In this post, we will explain the spring boot security using default security pages. These default security pages are available in the spring boot framework by default.
We use Spring Boot + MVC + Tomcat + JSP + Spring Boot Security + JSTL in this example
Step 1 – Create Project
Create a simple spring boot project called “SpringBootSecuritySimple”. Add the “spring-boot-starter-web” and “spring-boot-starter-security” dependency while creating a project. Manually add “tomcat-embed-jasper” and “jstl” dependency. After the project is created, the pom.xml file is shown as below.
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.4.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<groupId>com.yawintutor</groupId>
<artifactId>Spring-Application</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>SpringBootSecuritySimple</name>
<description>Spring Boot Project</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
SpringBootSecuritySimpleApplication.java
package com.yawintutor;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class SpringBootSecuritySimpleApplication {
public static void main(String[] args) {
SpringApplication.run(SpringBootSecuritySimpleApplication.class, args);
}
}
Step 2 – Add Jsp Pages Configuration
The spring boot security project requires tomcat to render a page. First add the configuration of the jsp folder in the application.properties file. Tomcat will check this configuration to identify the jsp files in the container.
application.properties
spring.mvc.view.prefix=/WEB-INF/jsp/
spring.mvc.view.suffix=.jsp
Step 3 – Add a Controller Class
Spring boot requires a controller class that processes the browser request and sends a response to the browser. Create a Controller class using a method that specifies the default url. The example below shows the controller class.
TestController.java
package com.yawintutor;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
@Controller
@RequestMapping
public class TestController {
@RequestMapping("/")
public ModelAndView defaultHome() {
return new ModelAndView("home");
}
}
Step 4 – Create a Jsp page
Create a jsp file that will be rendered when the default url is invoked. Create a simple jsp page that shows a welcome message with a logout link. This page will be rendered after the security authentication has been successful.
home.jsp
<center>
<h1>Welcome to Spring Boot Simple Security Example</h1>
<a href="/logout">logout</a><br><br>
</center>
Step 5 – run the application
Start the spring boot application. open a browser and type http://localhost:8080/. A login page will be shown by default. This login page is a default spring boot security login page. The default user name is “user“. The default password is generated security password that is shown in console log.
username : user
password : <generated security password>
sample password is e8f5e82c-0d2c-4ace-994d-f9d5e9e6e7a0
2020-02-01 19:02:34.093 INFO 68504 --- [ main] .s.s.UserDetailsServiceAutoConfiguration :
Using generated security password: e8f5e82c-0d2c-4ace-994d-f9d5e9e6e7a0
2020-02-01 19:02:34.166 INFO 68504 --- [ main] o.s.s.web.DefaultSecurityFilterChain :
Step 6 – Login with username and password
After a successfull login, you can see the actual home page as shown below.
Step 7 – Logout
You can signoff by calling /logout url. In the above page, click the logout link that will signoff from login.