
4 – Basic Authentication

Create a REST API

SampleController.java

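import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class SampleController {

    // Simple endpoint used to check that the security configuration protects it
    @GetMapping("/hi")
    public String hi() {
        return "I want know how API works";
    }
}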


Add Spring Security dependencies

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>


<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-test</artifactId>
    <scope>test</scope>
</dependency>

Configure WebSecurityConfig.java

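import static org.springframework.security.config.Customizer.withDefaults;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // Enable HTTP Basic authentication with the default settings
                .httpBasic(withDefaults())

                .authorizeRequests()
                    // These paths are open to everyone
                    .antMatchers("/", "/home", "/logout").permitAll()
                    // Everything else, including /hi, requires a logged-in user
                    .anyRequest().authenticated();
    }

    // Passwords are stored and compared as BCrypt hashes
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Demo-only in-memory user "user" with password "user" and role USER
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .passwordEncoder(passwordEncoder())
                .withUser("user")
                .password(passwordEncoder().encode("user"))
                .roles("USER");
    }
}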

Note:

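  1. httpBasic(...) needs to come before authorizeRequests() in the chain, otherwise it won't work: the calls after authorizeRequests() are made on its authorization registry rather than on HttpSecurity, so httpBasic cannot be chained there without first calling .and().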

Test with Postman

GET localhost:8080/hi

Authorization / Basic Auth / username + password

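On the second request you will find that it no longer needs the auth, because the cookie from the first request is sent again. To test the authentication again, you need to clear the cookies: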

Cookies / delete all

Test with browser

Open localhost:8080/hi and enter your username and password to get the API content.
