IMPORTANT:
Some of the content here is a personal summary/abbreviation of contents on the Offical Spring Security Documentation. Feel free to refer to the official site if you think some of the sections written here are not clear.
Spring Security Intro
Spring security is very useful for dealing with authorization, authentication, and protection against common attacks. It provides support for OAuth2, SAML2, and etc. Yet, as the title of this manual suggests, the following sections will focus on using OAuth2 for authentication/authorization.
Technically, you do not necessarily need to use Spring Boot for using Spring Security. However, the sections below do assume that you are having a Spring Boot project to provide the backend services.
If you want more information on using tools other than OAuth2, or that you are not using Spring Boot as the backend API implementations, please visit the Official Reference.
Getting Spring Security
If you are using Spring Security with Spring Boot, getting Spring Security playing in your application is simple.
In summary, all you need to do is
- Import the
spring-boot-starter-security
in yourpom.xml
- You can either manually import the dependency, or select the
Spring Security
dependency in the Spring Initialzr - At this point, we are not yet using the
OAuth2 Resource Server
andOAuth2 Client
yet. If you want, feel free to include those in yourpom.xml
as well.
- You can either manually import the dependency, or select the
The necessary dependency looks like:
1 | <dependencies> |
Again, its version has been already specified in the parent:
1 | <parent> |
If you want to use a specific version, you can specify it as well:
1 | <properties> |
Note:
If you use a SNAPSHOT version, you need to ensure that you have the Spring Snapshot repository defined, as the following example shows:
1
2
3
4
5
6
7
8 <repositories>
<!-- ... possibly other repository elements ... -->
<repository>
<id>spring-snapshot</id>
<name>Spring Snapshot Repository</name>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
Spring Security Features
Spring Security provides comprehensive support for authentication, authorization, and protection against common exploits. It also provides integration with other libraries to simplify its usage.