codingstuff.io
ExploreTutorialsProblemsCS Subjects
Get Started
ExploreTutorialsProblemsCS Subjects
Get Started
codingstuff.io

Master the art of building software through interactive tutorials, real-world problems, and guided projects.

Pune, Maharashtra, India

codingstuffmail@gmail.com

Product

  • Explore
  • Tutorials
  • Problems
  • CS Subjects

Company

  • About
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • Sitemap

© 2026 codingstuff.io. All rights reserved.

Built with ❤️ for developers everywhere

/
/
All Tutorials
🍃

Spring Boot

19 / 62 topics
19Spring Security Basics20Authentication in Spring Security21Authorization in Spring Security22CSRF Protection in Spring Security
56Security Basics in Spring Boot57CSRF Protection in Spring Boot58Data Encryption in Spring Boot59Audit Logging in Spring Boot
Tutorials/Spring Boot/Spring Security Basics
🍃Spring Boot

Spring Security Basics

Updated 2026-05-15
10 min read

Spring Security Basics

Introduction

Welcome to the world of securing your applications! In today's digital landscape, security is paramount. Whether you're building a simple web application or a complex enterprise system, ensuring that your application is secure against unauthorized access is crucial.

Spring Security is one of the most widely used frameworks for securing Java-based applications. It provides comprehensive authentication and authorization features, making it an essential tool in any developer's toolkit. In this tutorial, we'll explore the basics of Spring Security, including how to set up a basic security configuration and protect your application endpoints.

Concept

Spring Security is designed to be highly customizable and extensible. At its core, it provides a flexible architecture that allows developers to define their own authentication mechanisms and authorization rules.

Key Concepts

  1. Authentication: The process of verifying the identity of a user.
  2. Authorization: The process of determining what actions a user is allowed to perform after they have been authenticated.
  3. Filters: Components that intercept requests and responses to apply security logic.
  4. Configurers: Classes used to configure various aspects of Spring Security.

Examples

Let's dive into some practical examples to understand how Spring Security works in a real-world application.

Step 1: Setting Up a Basic Spring Boot Application

First, let's create a basic Spring Boot application using the Spring Initializr. You can access it at start.spring.io.

  • Choose Maven Project and Java as the language.
  • Set the Spring Boot version to the latest stable release.
  • Add dependencies: Spring Web, Spring Security.

Click on "Generate" to download the project. Once downloaded, import it into your favorite IDE (e.g., IntelliJ IDEA or Eclipse).

Step 2: Creating a Simple Controller

Let's create a simple controller with two endpoints: one that is public and another that requires authentication.

package com.example.demo;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HelloController {

    @GetMapping("/public")
    public String publicEndpoint() {
        return "This is a public endpoint.";
    }

    @GetMapping("/secure")
    public String secureEndpoint() {
        return "This is a secure endpoint. Only authenticated users can access this.";
    }
}

### Step 3: Configuring Spring Security

Now, let's configure Spring Security to protect the `/secure` endpoint.

Create a new Java class named `SecurityConfig.java` in the same package as your controller:

```java
package com.example.demo;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public UserDetailsService userDetailsService() {
        UserDetails user =
             User.withDefaultPasswordEncoder()
                .username("user")
                .password("password")
                .roles("USER")
                .build();

        return new InMemoryUserDetailsManager(user);
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeRequests(authorize -> authorize
                .antMatchers("/public").permitAll()
                .anyRequest().authenticated()
            )
            .formLogin(withDefaults());
        return http.build();
    }
}

### Step 4: Running the Application

Run your Spring Boot application. You can do this by clicking on the "Run" button in your IDE or by using the terminal:

<Terminal>
{`\`./mvnw spring-boot:run`}</Terminal>

Once the application is running, you can access the endpoints:

- **Public Endpoint**: [http://localhost:8080/public](http://localhost:8080/public)
  - You should see the message: "This is a public endpoint."

- **Secure Endpoint**: [http://localhost:8080/secure](http://localhost:8080/secure)
  - You will be redirected to a login page. Enter the username `user` and password `password`.
  - After logging in, you should see the message: "This is a secure endpoint. Only authenticated users can access this."

## What's Next?

In this tutorial, we covered the basics of Spring Security, including how to set up a basic security configuration and protect your application endpoints. In the next section, we'll dive deeper into authentication in Spring Security, exploring different authentication mechanisms and how to customize them.

Stay tuned for more tutorials on securing your applications with Spring Security!`}
</Terminal>

PreviousDerived Query Methods in Spring Data JPANext Authentication in Spring Security

Recommended Gear

Derived Query Methods in Spring Data JPAAuthentication in Spring Security