andrevier / basicauth Goto Github PK

This repository provides an example of a minimal implementation of security using the Spring Security framework.

To build the application, you need the following dependencies, which can be managed with both Maven and Gradle:

• Spring Web
• Spring Security

For Maven, add the following dependencies to your pom.xml:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>

In this project, we use basic authentication, which transfers credentials as username:password pairs encoded in Base64. Please note that this is not a secure way to protect requests, but it is used here for simplicity and illustrative purposes.

After creating the project, we add a controller with an endpoint that the client can access, returning a simple message such as "Hello, world!".

// Controller.java
@RestController
public class Controller {
    @GetMapping("/hello")
    public String hello() {
        return "Hello there!";
    }
}

By default, the Spring Boot application runs on http://localhost:8080 if no specific configuration is provided. You can access the endpoint using the cURL command:

curl http://localhost:8080/hello

The response will be "Hello there!".

The security layer is implemented using two classes: UserDetailsService and PasswordEncoder.

• UserDetailsService retrieves the user details and stores the information of the user. It expects an object of a class that implements the UserDetails interface.
• PasswordEncoder is responsible for hashing the password before comparing it to the stored value.

In this example, these classes are implemented as beans in the ProjectConfig class, which is annotated with @Configuration.

// ProjectConfig.java
@Configuration
public class ProjectConfig {
    @Bean
    public UserDetailsService userDetailsService() {    
        UserDetails user = User.withUsername("john")
            .password("12345")
            .build();

        return new InMemoryUserDetailsManager(user);
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }
}

After configuring the security layer, the endpoint becomes secured. To access it, you need to provide the correct credentials using cURL:

curl.exe -u "john:12345" "http://localhost:8080/hello"

That's it! You can now explore this example of Spring Security in action. Feel free to customize and build upon it according to your needs.

[1] Securing a web app [2] Spring Security in action