Starting with Spring Security 3.0, the project code was subdivided into multiple independent jars to more clearly distinguish functionality and dependencies.
1. Core modules
1.1 the Core – spring ws-security – Core. The jar
This module contains core authentication and access control classes and interfaces, remote support, and basic configuration apis. Any application that uses Spring Security needs it. It supports standalone applications, remote clients, method (service-layer) security, and JDBC user configuration. It contains the following top-level packages:
- org.springframework.security.core
- org.springframework.security.access
- org.springframework.security.authentication
- org.springframework.security.provisioning
1.2 Web – spring ws-security – Web. The jar
This module contains filters and associated network security infrastructure code. It contains anything related to servlet APl. If you need Spring Security Web authentication services and URL-based access control, you need it. The main packages are:
- org.springframework.security.web
There are many more modules. We’ll analyze them when we need them.
2. Minimum Settings to use Spring Security in Spring Boot
Here’s how to use Spring Security
2.1 Follow the minimal example provided on the official website to start exploration:
Project directory for minimal examples:
Nothing, as it were.
There is no need to configure the Application
There are only four in POM:
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
Copy the code
Run directly, the console gives a string of characters as follows:
Using generated security password: 802bf3cc-cbcc-424d-9967-2f006ee3e135
Copy the code
Revisiting localhost:8080 will direct you to /login to a styled login page:
Fill in the form as follows:
Username:user
Password:802bf3cc-cbcc-424d-9967-2f006ee3e135
Copy the code
Localhost :8080 welcome page, we do not have a welcome page 404 error. The password you enter is the console string there.
The above procedure completes a basic user authentication, but from the configuration to the password are configured by default ~
2.2 Automatic Spring Boot Configuration:
The default Configuration is Spring Boot Auto Configuration.
Spring Boot Auto Configuration does these things:
springSecurityFilterChain
(beans) : to enable the default configuration, Spring Security will create for a bean called springSecurityFilterChain servlet Filter. This bean takes care of all security issues in the application (securing application urls, validating submitted usernames and passwords, redirecting to login forms, and so on).UserDetailsService
(bean) : Create a UserDetailsService bean with a user name user and a randomly generated password to log in to the console.- For each request to the Servlet container to register a bean named springSecurityFilterChain filter.