This section covers the minimum setup for how to use Spring Security with Spring Boot in a reactive application.
The completed application can be found in our samples repository. For your convenience, you can download a minimal Reactive Spring Boot + Spring Security application by clicking here. |
The completed application can be found in our samples repository. For your convenience, you can download a minimal Reactive Spring Boot + Spring Security application by clicking here. |
Updating Dependencies
You can add Spring Security to your Spring Boot project by adding spring-boot-starter-security
.
-
Maven
-
Gradle
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
implementation 'org.springframework.boot:spring-boot-starter-security'
Starting Hello Spring Security Boot
You can now run the Spring Boot application by using the Maven Plugin’s run
goal.
The following example shows how to do so (and the beginning of the output from doing so):
-
Maven
-
Gradle
$ ./mvnw spring-boot:run
...
INFO 23689 --- [ restartedMain] .s.s.UserDetailsServiceAutoConfiguration :
Using generated security password: 8e557245-73e2-4286-969a-ff57fe326336
...
$ ./gradlew bootRun
...
INFO 23689 --- [ restartedMain] .s.s.UserDetailsServiceAutoConfiguration :
Using generated security password: 8e557245-73e2-4286-969a-ff57fe326336
...
Authenticating
You can access the application at localhost:8080/ which will redirect the browser to the default log in page. You can provide the default username of user
with the randomly generated password that is logged to the console. The browser is then taken to the orginally requested page.
To log out you can visit localhost:8080/logout and then confirming you wish to log out.
Spring Boot Auto Configuration
Spring Boot automatically adds Spring Security which requires all requests be authenticated. It also generates a user with a randomly generated password that is logged to the console which can be used to authenticate using form or basic authentication.