
Authentication and Authorization in Spring Boot 3.0 with Spring Security

Last Updated : 4 May, 2026

Authentication and Authorization are the core pillars of security in Spring Boot 3.0 applications using Spring Security. They ensure that users are properly verified and granted access only to permitted resources, maintaining application integrity and data protection.

  • Authentication validates user identity using credentials like username and password.
  • Authorization determines access levels based on roles or permissions.
  • Spring Security integrates these mechanisms seamlessly with Spring Boot for robust protection.

Authentication

Authentication is the process of verifying the identity of a user when they log in using credentials like username and password. In Spring Security, the provided credentials are validated against a configured data source.

  • Verifies that the user is who they claim to be.
  • Common methods include Username/Password, Token-based authentication, and OAuth2.
  • After successful authentication, user details are stored in the SecurityContext for further authorization.

Authorization

Authorization is the process of determining what actions or resources an authenticated user is allowed to access. In Spring Security, access is controlled based on roles or permissions assigned to the user.

  • Determines user permissions after successful authentication.
  • Based on roles (e.g., ROLE_ADMIN, ROLE_USER) or authorities.
  • Can be configured at method-level (e.g., @PreAuthorize) or URL-level security.

Step-by-Step Implementation of Project

Follow the steps below to create and secure a Spring Boot application using Spring Security.

Step 1: Create a New Spring Boot Project

Go to Spring Initializr and create a new project with the following options:

  • Project: Maven
  • Language: Java
  • Packaging: Jar
  • Java: 17

Dependencies:

  • Spring Web
  • Spring Security

Step 2: Create the Controller

Create a REST controller to define public and secured endpoints using role-based access control.

Step 3: Configure Security

Configure authentication, authorization, and user roles using Spring Security.
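The controller and security configuration that Steps 2 and 3 describe, written here as an added example; it is not the tutorial's own code. The package, class and method names and the response strings are assumptions, while the endpoint paths and the test user come from Step 4. The two classes are shown in one file for brevity.

```java
package com.example.demo; // assumed package name

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.*;

@Configuration
@EnableMethodSecurity // turns on @PreAuthorize (method-level authorization)
class SecurityConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/auth/welcome").permitAll()     // public endpoint
                .requestMatchers("/auth/user/**").hasRole("USER") // URL-level rule
                .anyRequest().authenticated())                    // unlisted paths need a login
            .formLogin(Customizer.withDefaults());                // default form at /login
        return http.build();
    }
    @Bean
    public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }
    @Bean
    public UserDetailsService users(PasswordEncoder encoder) {
        // Test user from Step 4; roles("USER") stores the authority ROLE_USER.
        return new InMemoryUserDetailsManager(
            User.withUsername("Ejaz").password(encoder.encode("123")).roles("USER").build());
    }
}

@RestController
@RequestMapping("/auth")
class AuthController {
    @GetMapping("/welcome")
    public String welcome() { return "Welcome, this endpoint is not secured"; } // constructed text
    @GetMapping("/user/userProfile")
    @PreAuthorize("hasRole('USER')") // method-level check behind the URL rule
    public String userProfile() { return "User profile"; } // constructed text
}
```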

Step 4: Run and Test the Application

Run the application and test the endpoints using a browser or Postman.

Test 1: Public Endpoint

Open the following URL in a browser:

http://localhost:8080/auth/welcome

You can access this endpoint without any authentication as it is not secured.


Test 2: User Profile (Authentication Required)

Now, hit the following URL:

http://localhost:8080/auth/user/userProfile

If you are not logged in, you will be redirected to the following URL:

http://localhost:8080/login

Output: the login page is displayed.

After entering the correct username and password, you can access the endpoint. Use the following credentials:

  • Username: Ejaz
  • Password: 123

After logging in with the correct credentials, you will be able to access this endpoint if your role includes USER, and its output is displayed.
