Getting Started with Spring Security


Spring Security

Spring Security is a framework that provides both authentication and authorization for Java applications. It gives us ways to apply security at the application level.

Spring Security Authentication

Let’s understand Spring Security with a real-life example.

Suppose we developed an application, IPL Management System, with two different services: a User Service and an Admin Service. We need to make sure that there is only a single admin for the application, who can access the Admin Panel and manage matches, teams, and scores accordingly. For that, we need to add some security to the application, which we can achieve with Spring Boot Security by adding the Spring Boot security dependency to our pom file.

Maven users can add the following dependency in the pom.xml file.

<dependency>
   <groupId>org.springframework.boot</groupId>
   <artifactId>spring-boot-starter-security</artifactId>
</dependency>

Gradle users can add the following dependency in the build.gradle file.

implementation("org.springframework.boot:spring-boot-starter-security")

Features of Spring Security

  • JAAS (Java Authentication and Authorization Service) LoginModule,
  • Basic Access Authentication,
  • Web Form Authentication,
  • LDAP (Lightweight Directory Access Protocol),
  • Single sign-on.

JAAS LoginModule: It is a Pluggable Authentication Module implemented in Java. Spring Security supports it for its authentication process.

Basic Access Authentication: Spring Security supports Basic Access Authentication which is used to provide user names and passwords while making requests over the network.

Web Form Authentication: In this process, a web form collects user credentials from the web browser and they are authenticated. Spring Security supports this when we want to implement web form authentication.

LDAP (Lightweight Directory Access Protocol): It is an open application protocol for maintaining and accessing distributed directory information services over an Internet Protocol network.

Single sign-on: This feature allows a user to access multiple applications with the help of a single account (user name and password).

Difference between Authentication and Authorization

| Authentication | Authorization |
| --- | --- |
| Authentication is the process of identifying a user to provide access to a system. | Authorization is the process of giving permission to access the resources. |
| It requires the login details of the user, such as user name & password, etc. | It requires the user’s privilege or security level. |
| In this, the user or client and server are verified. | In this, it is verified whether the user is allowed through the defined policies and rules. |

Let’s create a simple Spring Boot application to understand this. The application has a RestController that uses the @RequestMapping annotation on a method returning a String.

In the application.properties file, we provide our username and password.

Whenever we run the application, it starts normally but asks for the correct credentials; without them we can’t access any part of the application. If the Spring Boot Security dependency is on the classpath, the Spring Boot application automatically requires Basic Authentication for all HTTP endpoints.
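The application described above, written out as an added example (not the original post's code). It assumes Spring Boot 3.x with spring-boot-starter-web on the classpath; the package, class names, endpoint paths and the IPL_ADMIN_PASSWORD variable are hypothetical, and the explicit SecurityFilterChain goes beyond the post's default setup to restrict /admin/** to the single admin account.

```java
// Added example. application.properties (constructed values; the password is read
// from a hypothetical environment variable instead of being committed):
//   spring.security.user.name=admin
//   spring.security.user.password=${IPL_ADMIN_PASSWORD}
//   spring.security.user.roles=ADMIN
package com.example.ipl; // hypothetical package name

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
public class IplApplication {
    public static void main(String[] args) {
        SpringApplication.run(IplApplication.class, args);
    }

    // Authentication: every request must carry valid HTTP Basic credentials.
    // Authorization: only a user holding the ADMIN role may reach /admin/**.
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}

// RestController with @RequestMapping methods that return a String.
@RestController
class MatchController {
    @RequestMapping("/matches")        // any authenticated user
    public String matches() {
        return "Match schedule";
    }

    @RequestMapping("/admin/matches")  // admin account only
    public String manageMatches() {
        return "Admin panel: manage matches, teams and scores";
    }
}
```

A request without valid credentials is answered with 401 Unauthorized, and an authenticated user without the ADMIN role gets 403 Forbidden on /admin/**.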

Conclusion:

So, it is very important to implement Spring Security when we are developing large-scale software, to prevent the important parts of the application from being accessed by everyone.

Reference:

https://spring.io/guides/gs/securing-web/
