Spring Security is a powerful and highly customizable authentication and access-control framework, and the de-facto standard for securing Spring-based applications. It provides not only authentication but also authorization; to understand authentication and authorization in detail, please go through this Knoldus blog.
In this blog we will see how to secure a Spring Boot application: how to provide a user-defined username and password, and how (and why) to hash passwords instead of storing them in plain text.
Let’s Implement Spring Security-
Dependency to add security on Application
When working with Spring Boot, the spring-boot-starter-security starter automatically pulls in all the required dependencies, such as spring-security-core, spring-security-web and spring-security-config, among others:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
    <version>2.3.3.RELEASE</version>
</dependency>
Since Spring Boot manages the versions of all of these dependencies for us (the version can even be omitted when the project inherits from spring-boot-starter-parent), this also avoids the version-mismatch problems that come with declaring the core dependencies individually.
System-defined password in Spring Security
By default the username is user, and Spring Boot generates a random password on every startup. Go back to the console: the line "Using generated security password: ..." shows the password that was generated. This is only meant for getting started; the password changes on every restart and is written to the logs, so it is not suitable for anything beyond local development.
User-defined password in Spring Security
What if you want your own username and password? That is where you do some configuration. The simplest way is to set spring.security.user.name and spring.security.user.password in application.properties; for more control you register your own UserDetailsService (for example an in-memory one) in a security configuration class, which is what we do below. Click on sign in and you will be able to log in with the username and password you configured.
But so far our password is stored in plain text. If anyone compromises the website or its database, they will be able to read every user's password and try it against other sites. Of course we don't want that, so instead of plain text we should store a one-way password hash. Note that this is hashing, not encryption: there is no key that would let anyone, including us, recover the original password from the stored value.
BCrypt password encoder
Bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher and presented at USENIX in 1999. It is an adaptive, salted, one-way hash: the stored value lets you verify a password but not recover it, a random salt makes two users with the same password get different hashes, and a tunable cost factor lets the work be increased as hardware gets faster. There are websites where you can generate example hashes.
If we go to such a website and type a password, say 1234, then instead of saving 1234 in the database we would store the hash produced by clicking bcrypt. There is also something interesting there: Rounds. This is the cost factor, 10 by default, and it is logarithmic: cost 10 means 2^10 = 1024 iterations of the expensive key setup, and raising it to 12 means 2^12 = 4096 iterations, so the hash takes about four times longer to compute, for us at login time and for an attacker guessing passwords offline. The cost and the salt are stored inside the hash itself (the $2a$10$... prefix), which is why the same encoder can verify hashes made with different costs.
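The following is an added example, not code from the original post, that ties the two previous sections together: a Spring Security configuration with a user-defined username and password, and the password stored only as a BCrypt hash. It assumes Spring Boot 2.3.x with Spring Security 5.3 (the WebSecurityConfigurerAdapter style; in Spring Security 5.7+ you would expose a SecurityFilterChain bean instead), and the user alice with password 1234 is a hypothetical demo credential.

```java
package com.example.demo.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Cost factor 12: 2^12 = 4096 iterations of the Blowfish key schedule per hash.
    // Raise it over time; the cost is recorded in each hash, so old hashes still verify.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(12);
    }

    // User-defined credentials. "alice" / "1234" are hypothetical demo values;
    // a real application loads users from a database and stores only the hash.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .passwordEncoder(passwordEncoder())
            .withUser("alice")
            // encode() salts and hashes; the plaintext never reaches the user store
            .password(passwordEncoder().encode("1234"))
            .roles("USER");
    }

    // Every request requires a logged-in user; Spring Security renders the login form.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated()
            .and()
            .formLogin();
    }
}

// Stand-alone demonstration of the encoder; needs only spring-security-crypto on the classpath.
class BcryptDemo {
    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder(12);

        // Hashing the same password twice yields two different strings,
        // because each call draws a fresh random salt.
        String hash1 = encoder.encode("1234");
        String hash2 = encoder.encode("1234");
        System.out.println(hash1);
        System.out.println(hash2);
        System.out.println("same hash twice? " + hash1.equals(hash2));

        // Verification reads the cost and salt back out of the hash,
        // so both hashes verify against the right password and reject a wrong one.
        System.out.println("1234 vs hash1: " + encoder.matches("1234", hash1));
        System.out.println("1234 vs hash2: " + encoder.matches("1234", hash2));
        System.out.println("4321 vs hash1: " + encoder.matches("4321", hash1));

        // A hash made at a lower cost still verifies with the same encoder,
        // which is what lets you raise the cost without resetting every user.
        String cheapHash = new BCryptPasswordEncoder(10).encode("1234");
        System.out.println("cost-10 hash verified by cost-12 encoder: "
                + encoder.matches("1234", cheapHash));
    }
}
```

Running BcryptDemo shows two distinct $2a$12$... strings for the same password, matches() returning true for the correct password against either of them and false for a wrong one, and the cost-10 hash still verifying. Never compare hashes with equals() yourself; matches() does a constant-time comparison after recomputing the hash with the stored salt.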
Stay tuned for the next blog!
Read the Spring Security documentation for more details.
To read more tech blogs, visit Knoldus Blogs.