Scribd
Upload
1K views

Using Spring Boot 3 With Spring Security Notes

The document discusses Spring Security 6 with Spring Boot 3. It covers migrating to Spring Boot 3, adding Spring Security to a Spring Boot app, changes in Spring Security 6, and Spring Boot's auto-configuration of Spring Security.

Uploaded by

zahri
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
1K views

Using Spring Boot 3 With Spring Security Notes

The document discusses Spring Security 6 with Spring Boot 3. It covers migrating to Spring Boot 3, adding Spring Security to a Spring Boot app, changes in Spring Security 6, and Spring Boot's auto-configuration of Spring Security.

Uploaded by

zahri
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 15

Using Spring Boot 3

with Spring Security 6


By Ramesh Fadatare (Java Guides)
Migration and Clean up
1. Spring boot version 3.0.x and Java 17 or late
2. Change package name from javax to jakart
3. Change the Hibernate dialect
4. Drop and create new databas
5. Insert records in posts and comments table
e

Adding Spring Security to Spring


Boot and Exploring Spring
Security Auto Con guration
By Ramesh Fadatare (Java Guides)

fi
Spring Security 6 with Spring Boot 3
1. Spring Security is a framework that provides authentication, authorization,
and protection against common attacks. With rst class support for securing
both web and reactive applications, it is the de-facto standard for securing Spring-based
applications

2. Spring Boot provides a spring-boot-starter-security starter that aggregates Spring


Security-related dependencies together

3. Removed deprecated APIs/Classes/Annotations

• WebSecurityCon gurerAdapte
• EnableGlobalMethodSecurit
• antMatcher
• authorizeRequests
s

fi
y

fi
:

Spring Boot Auto Configuration for Spring Security


Spring Boot auto con gures below features

• spring-boot-starter-security starter that aggregates Spring Security-related dependencies together


• Enables Spring Security’s default con guration, which creates a servlet Filter as a bean named
springSecurityFilterChain. Provides default login form for you

• Creates default user with a username as user and a randomly generated password that is logged
to the console (Ex: 8e557245-73e2-4286-969a-ff57fe326336)

• Spring boot provides properties to cusomize default user’s username and passwor
• Protects the password storage with BCrypt algorith
• Lets the user log out (default logout feature
• CSRF attack prevention (enabled by default
• If Spring Security is on the classpath, Spring Boot automatically secures all HTTP endpoints with
“basic” authentication.
fi
fi
:

Implementing
Basic Authentication using
Spring Security
By Ramesh Fadatare (Java Guides)

How Basic Authentication


Works in Spring Security
By Ramesh Fadatare (Java Guides)
How Basic Authentication Works

Login Request

Client
Securing REST API's with
In memory Authentication
By Ramesh Fadatare (Java Guides)
Create JPA Entities User and
Role ( Many to Many Mapping)
By Ramesh Fadatare (Java Guides)
Creating JPA Repositories
UserRepository and
RoleRepository
By Ramesh Fadatare (Java Guides)
UserDetailsService Interface
Implementation to Load User
from Database
By Ramesh Fadatare (Java Guides)
How Spring Security Database
Authentication Works
By Ramesh Fadatare (Java Guides)
How Database Authentication Works

OAuth2 CustomUserDetailsService

LDAP

DAO
Securing REST API's with
Database Authentication
By Ramesh Fadatare (Java Guides)

You might also like