Let’s get benefit of Spring security

Anuradha KumariJava, spring boot, Tech Blogs
Table of contents
Reading Time: 3 minutes

Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications. It’s not only provide authentication it’s also provide authorization, to know authentication and authorization in details please go through this knoldus blog.

In this blog we will see how we can secure a spring-boot application. how we can provide user defined password and how to encrypt password and why that is needed.

Let’s Implement Spring Security-

Dependency to add security on Application

When working with spring Boot , the spring-boot-starter starter will automatically include all dependencies such as spring-security-core, spring-security-web, and spring-security-config among others:


<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
    <version>2.3.3.RELEASE</version>
</dependency>

since spring Boot will be managing all the dependencies automatically for us. this will also get rid of the older core dependencies problem

System defined Password In spring security

By default the user name is user. Please go back to the console to see that we have a security password which is generated by the system. 

User defined Password In Spring security

What if You want to have Your own username and password and that’s where You do some configuration.

Let’s click on sign in and You will see how You can have your own username and password.

But till now our password is in plain text and it is not encoded. And if anyone can hack a website and database , they will be able to see all our user and password. And of course we don’t want that so Instead of using plaintext we should be using some encryption. 

Bcrypt Password Encoder

Bcrypt is a password-hashing function designed by Niels provos and David Mazieres, based on the Blowfish cipher and presented at USENIX in 1999. It uses an adaptive hash algorithm to store a password which is a one-way hash of the password. We have some websites where we can generate the hashing example.

If we go to this website and type password suppose 1234 so instead of saving 1234 in the database it would store the hash of it by simply clicking on bcrypt here. And also there is something interesting here Rounds, this simply means it is going for 10 rounds by default here is 10 rounds we can also make it 12 rounds it means it will calculate the hash 12 times

Stay tuned for the next blog!

References

https://www.marcobehler.com/guides/spring-security

https://www.baeldung.com/spring-security-with-maven

Read Spring Security Documentation for more knowledge.

To read more tech blogs, visit Knoldus Blogs.

Written by 

Anuradha Kumari is a Software consultant at Knoldus Inc. She is a tech enthusiast and likes to play with new technology and writing tech blogs.

Knoldus-logo-final
nashtech-logo-white

COMPANY

Sign up to our newsletter

    Certificates

    IOSTQB Platinum Partner-white
    cmmi5-white
    ISO 27001-white
    ISO 27002-white
    ISO 9001-white

    Partners

    knoldus-lightbend-white.png
    knoldus-databricks-white-.png
    knoldus-confluent-white.png
    knoldus-docker-white.png
    knoldus-hashiCorp-white.png
    knoldus-ibm-white.png
    knoldus-daml-white.png
    knoldus-datastax-white.png
    knoldus-kmine-white.png
    knoldus-rust-foundation-white.png
    knoldus-scala-white-1.png
    knoldus-snowflake-white-1.png
    umbraco 1
    aws-partner-logo 1
    Microsoft Gold Partner_white 1
    © 2023 Knoldus, Inc. All Rights Reserved.
    Part of NashTech
    Privacy Policy | Sitemap