# My first Spring Boot Service using Spring Security
This tutorial shows how to create a Spring Boot service secured with Spring Security.
To create this simple service, go to Spring Initializr and add the "Spring Web", "Spring Security" and "Lombok" dependencies.
I use Maven, the Java language and Spring Boot 3.1.1. I choose the "jar" packaging and Java 17.
Other settings:
- Group : com.demo
- Artifact : spring-security
- Name : spring-security
- Description : Demo project for Spring Boot & Spring Security
- Package name : com.demo.spring-security
Info: My example uses Spring Security 6.1.1. This can be seen in the External Libraries of the project.

I download the jar file, unzip it, and add some classes, as shown below. Together they form a simple Employee Service.
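```java
package com.demo.springsecurity.model;

import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;

// Plain data holder; Lombok generates the getters, setters and constructors.
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
public class Employee {
    // Private fields: access goes through the Lombok-generated accessors
    private String id;
    private String name;
    private String jobName;
    private String country;
}
```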
```java
package com.demo.springsecurity.service;

import com.demo.springsecurity.model.Employee;
import org.springframework.stereotype.Service;

import java.util.ArrayList;
import java.util.HashMap;

@Service
public class EmployeeService {
    // In-memory store, keyed by employee id
    private final HashMap<String, Employee> employees = new HashMap<>();

    public void addEmployee(Employee emp) {
        this.employees.put(emp.getId(), emp);
        System.out.println("Emp.getId()=" + emp.getId());
    }

    public void removeEmployee(String empId) {
        this.employees.remove(empId);
    }

    public int countEmployees() {
        return this.employees.size();
    }

    public ArrayList<Employee> getEmployees() {
        // Copy the values of the map into a new list
        return new ArrayList<>(employees.values());
    }
}
```
```java
package com.demo.springsecurity.controller;

import com.demo.springsecurity.model.Employee;
import com.demo.springsecurity.service.EmployeeService;
// Gson is not pulled in by the three dependencies selected above;
// add the com.google.code.gson:gson dependency to pom.xml.
import com.google.gson.Gson;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;

import java.util.ArrayList;

@RestController
@RequestMapping("/employee")
public class EmployeeController {

    @Autowired
    EmployeeService employeeService;

    // Returns all employees as a JSON array
    @GetMapping(value = "/all")
    String getAllEmployees() {
        ArrayList<Employee> allEmployees = employeeService.getEmployees();
        String json = new Gson().toJson(allEmployees);
        System.out.println("json=" + json);
        return json;
    }

    // Adds (or replaces) an employee and returns the new employee count
    @PutMapping(value = "/add", consumes = "application/json")
    int addEmployee(@RequestBody Employee newEmployee) {
        employeeService.addEmployee(newEmployee);
        return employeeService.countEmployees();
    }

    // The request body is used as-is as the employee id to remove
    @DeleteMapping(value = "/delete", consumes = "application/json")
    int deleteEmployee(@RequestBody String empId) {
        employeeService.removeEmployee(empId);
        return employeeService.countEmployees();
    }
}
```
Also, in order not to use the default username/password, we can define an "admin" user and the password associated with this username. This is done by adding the following lines to application.properties.

```properties
# Replaces the default user and its generated password (demo values)
spring.security.user.name=admin
spring.security.user.password=a
```
This is a basic Spring Boot service using Spring Security.
You can test it using the following curl command:

```bash
curl --header "Content-Type: application/json" --header "Authorization: Basic YWRtaW46YQ==" --request GET http://localhost:8080/employee/all
```
Info:
- `YWRtaW46YQ==` is the "username:password" pair encoded using Base64. Base64 is an encoding, not encryption, so anyone who sees the header can recover the credentials.
- By default, only the GET methods work. If you receive a "403 Forbidden" when performing a POST, PUT or DELETE request, it is most likely related to CSRF. Either provide the CSRF token or disable CSRF protection (not recommended).
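
One way to provide the CSRF token instead of disabling the protection, as an added example that is not part of the original tutorial's code. The `config` package, the `SecurityConfig` and `CsrfController` classes, the `/csrf` path and the sample employee values are assumptions made for illustration; the `admin` user from application.properties is still used.

```java
package com.demo.springsecurity.config; // hypothetical package

import java.util.Map;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical class: spells out the rules the service relies on, CSRF left on.
@Configuration
class SecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults())   // same Authorization header as the curl test
            .csrf(Customizer.withDefaults());       // keep CSRF protection enabled
        return http.build();
    }
}

// Hypothetical endpoint: hands an authenticated client the token it must echo back.
@RestController
class CsrfController {
    @GetMapping("/csrf")
    Map<String, String> csrf(CsrfToken token) {
        // Reading the token stores it in the HTTP session (default repository),
        // so the client has to keep the session cookie from this response.
        return Map.of("headerName", token.getHeaderName(), "token", token.getToken());
    }
}

// Constructed client flow (cookies.txt and the employee values are sample data):
//   curl -u admin:a -c cookies.txt http://localhost:8080/csrf
//   curl -u admin:a -b cookies.txt -H "X-CSRF-TOKEN: <token from first call>" \
//        -H "Content-Type: application/json" -X PUT \
//        -d '{"id":"1","name":"Ann","jobName":"Dev","country":"RO"}' \
//        http://localhost:8080/employee/add
```

A PUT sent without the session cookie or without the token header still returns 403, which confirms the protection is active.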