This Spring Boot Security tutorial explains security concepts with examples step by step. In this post, we will explain the spring boot security ( spring-boot-starter-security, spring-boot-starter-security-test dependency ) using spring boot security default login page and using default username and password. These default spring boot security login pages are available in the spring boot framework by default.

This Spring Boot Security tutorial explains security concepts with examples step by step. In this post, we will explain the spring boot security using default security pages. These default security pages are available in the spring boot framework by default.

We use Spring Boot + MVC + Tomcat + JSP + Spring Boot Security + JSTL in this example



Step 1 – Create Project

Create a simple spring boot project called “SpringBootSecuritySimple”. Add the “spring-boot-starter-web” and “spring-boot-starter-security” dependency while creating a project. Manually add “tomcat-embed-jasper” and “jstl” dependency. After the project is created, the pom.xml file is shown as below.

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.2.4.RELEASE</version>
		<relativePath /> <!-- lookup parent from repository -->
	</parent>
	<groupId>com.yawintutor</groupId>
	<artifactId>Spring-Application</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<name>SpringBootSecuritySimple</name>
	<description>Spring Boot Project</description>

	<properties>
		<java.version>1.8</java.version>
	</properties>

	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>

		<dependency>
			<groupId>org.apache.tomcat.embed</groupId>
			<artifactId>tomcat-embed-jasper</artifactId>
			<scope>provided</scope>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>

		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>jstl</artifactId>
		</dependency>

	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>

</project>

SpringBootSecuritySimpleApplication.java

package com.yawintutor;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class SpringBootSecuritySimpleApplication {

	public static void main(String[] args) {
		SpringApplication.run(SpringBootSecuritySimpleApplication.class, args);
	}
}


Step 2 – Add Jsp Pages Configuration

The spring boot security project requires tomcat to render a page. First add the configuration of the jsp folder in the application.properties file. Tomcat will check this configuration to identify the jsp files in the container.

application.properties

spring.mvc.view.prefix=/WEB-INF/jsp/
spring.mvc.view.suffix=.jsp


Step 3 – Add a Controller Class

Spring boot requires a controller class that processes the browser request and sends a response to the browser. Create a Controller class using a method that specifies the default url. The example below shows the controller class.

TestController.java

package com.yawintutor;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;

@Controller
@RequestMapping
public class TestController {

	@RequestMapping("/")
	public ModelAndView defaultHome() {
		return new ModelAndView("home");
	}
}


Step 4 – Create a Jsp page

Create a jsp file that will be rendered when the default url is invoked. Create a simple jsp page that shows a welcome message with a logout link. This page will be rendered after the security authentication has been successful.

home.jsp

<center>
<h1>Welcome to Spring Boot Simple Security Example</h1>
<a href="/logout">logout</a><br><br>
</center>


Step 5 – run the application

Start the spring boot application. open a browser and type http://localhost:8080/. A login page will be shown by default. This login page is a default spring boot security login page. The default user name is “user“. The default password is generated security password that is shown in console log.

username : user
password : <generated security password>

sample password is e8f5e82c-0d2c-4ace-994d-f9d5e9e6e7a0
2020-02-01 19:02:34.093  INFO 68504 --- [           main] .s.s.UserDetailsServiceAutoConfiguration : 

Using generated security password: e8f5e82c-0d2c-4ace-994d-f9d5e9e6e7a0

2020-02-01 19:02:34.166  INFO 68504 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : 


Step 6 – Login with username and password

After a successfull login, you can see the actual home page as shown below.



Step 7 – Logout

You can signoff by calling /logout url. In the above page, click the logout link that will signoff from login.



Leave a Reply