Spring Boot Security Auto-Configuration

Spring Boot Security Auto-Configuration automatically sets up basic security features in a Spring Boot application without requiring much manual configuration. It provides default authentication, authorization, and protection against common security threats. This helps developers quickly secure applications with minimal setup.

• Provides built-in security features like CSRF protection and password encoding.
• Reduces configuration effort by using sensible default security settings.

Setting Up Spring Security

Add the Spring Boot Security Dependency

<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>

By the default, Spring Boot Security Auto configuration secures all the endpoints of the application. Try to accessing any endpoint in the application. Display the prompted to the login in with the default username and password.

Project Implementation of Spring Boot Security Auto-Configuration

Below are the steps to implement Security Auto-Configuration in Spring Boot.

Step 1: Create the Spring Boot Project

Create a Spring Boot project using Spring STS or Spring Initializr.

Add the Following Dependencies:

• Spring Web
• Spring Security
• Spring DevTools
• Lombok

Once we complete the project creation then the file structure looks like the below image.

Step 2: Configure Security Credentials

Open the application.properties file and add the security configuration.

• Sets application name and server port.
• Creates a default username and password for login authentication.

spring.application.name=spring-security-configuration
# Server port
server.port=8080
# Spring Security default user credentials
spring.security.user.name=admin
spring.security.user.password=admin

Step 3: Create Security Configuration Class

Create a package named config and add the WebSecurity class.

• Configures application security rules.
• Allows public access to the home page (/).

Step 4: Create Controller Class

Create a package named controller and add the HomeController class.

• Creates a REST endpoint for testing security.
• Displays a response when the home URL is accessed.

Step 5: Create Main Application Class

Open the main class file and add the following code.

• Starts the Spring Boot application.
• Loads all configurations and dependencies automatically.

Step 6: Run the Application

Run the Spring Boot application as a Spring project.

• Application starts on port 8080.
• Spring Security displays a login page for authentication.

Output:

GET http://localhost:8080/

👁 Sign in Dashboard

Once login with credentials then show the below output.

👁 Output in Browser