1.

Explain how you would go about security in a Spring Boot application.

Answer»

With a Spring Boot application, you can rely on Spring Security. Include the Spring Security Boot starter:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
    <version>2.1.6.RELEASE</version>
</dependency>

You can go with HTTP basic or form login.

To update the username or password, override the following properties in the application.properties file:

spring.security.user.name = username1

spring.security.user.password = password1

To enable method-level security, you can use @EnableGlobalMethodSecurity.

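To disable the built-in default security configuration, exclude the SecurityAutoConfiguration class as follows:

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;

// Excluding SecurityAutoConfiguration switches off Boot's default security setup.
@SpringBootApplication(exclude = { SecurityAutoConfiguration.class })
public class SpringBootApplication1 {
    public static void main(String[] args) {
        SpringApplication.run(SpringBootApplication1.class, args);
    }
}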

This can also be achieved by adding the following to the properties file:

# In Spring Boot 2.x the class lives in the security.servlet package.
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration

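To override the default security configuration, you can extend the WebSecurityConfigurerAdapter class, for example:

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class BasicConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Spring Security 5 rejects stored passwords that carry no encoder id,
        // so encode them with the delegating encoder (bcrypt by default).
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        // In-memory users with literal passwords are for demonstration only.
        auth
          .inMemoryAuthentication()
          .withUser("username")
            .password(encoder.encode("password1"))
            .roles("GUEST")
            .and()
          .withUser("admin")
            .password(encoder.encode("admin"))
            .roles("GUEST", "ADMIN");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Require authentication for every request and use HTTP basic.
        http
          .authorizeRequests()
          .anyRequest()
          .authenticated()
          .and()
          .httpBasic();
    }
}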

@EnableWebSecurity is optional if the default security configuration is disabled.

OAuth2 is commonly used for authorization. To integrate OAuth2:

  • Add a starter for OAuth2
  • Use @EnableAuthorizationServer
  • Use @EnableResourceServer in the application where the resource is located
  • On the client side, use either @EnableOAuth2Sso or @EnableOAuth2Client.
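
Method-level security with @EnableGlobalMethodSecurity, as mentioned in the answer, shown as an added example (not code from the original answer). It reuses the GUEST and ADMIN roles of the in-memory users; the Note and NoteService classes are hypothetical names chosen for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;

// prePostEnabled = true activates @PreAuthorize/@PostAuthorize; with the
// annotation's defaults these expressions are not evaluated.
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
class MethodSecurityConfiguration {}

// Hypothetical domain object, constructed for this example.
class Note {
    public final String owner;
    public final String text;
    Note(String owner, String text) { this.owner = owner; this.text = text; }
}

// Hypothetical service. anyRequest().authenticated() only proves the caller
// logged in; the checks below decide what each role may do.
@Service
class NoteService {
    private final Map<Long, Note> notes = new ConcurrentHashMap<>();

    // The owner comes from the security context, never from caller input,
    // and putIfAbsent keeps one user from overwriting another user's note.
    @PreAuthorize("hasAnyRole('GUEST', 'ADMIN')")
    public void save(long id, String text) {
        String owner = SecurityContextHolder.getContext().getAuthentication().getName();
        notes.putIfAbsent(id, new Note(owner, text));
    }

    // Evaluated after the call: only the owner or an ADMIN gets the note back.
    // "?." keeps a missing note (null result) from breaking the expression.
    @PostAuthorize("hasRole('ADMIN') or returnObject?.owner == authentication.name")
    public Note find(long id) {
        return notes.get(id);
    }

    // Rejected with AccessDeniedException before the body runs unless ADMIN.
    @PreAuthorize("hasRole('ADMIN')")
    public void delete(long id) {
        notes.remove(id);
    }
}
```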

