Hi Friends hope you all are doing well. Today I am going to demonstrate you about implementation of Basic security for Spring Boot Rest Service,
Basic Authentication : where authentication header is added which contains combination of username and password in format as : authentication username:password in encrypted form. whenever you call REST API ,you need to present username and password in order to gain access to that API. There may be requirement that endpoint URL which are exposed as REST API need to best secured. that's all.
let's go ahead with coding part.
I am going to use java based configuration in order to setup spring security in this example.
Technology stack is being used:
1) Spring Boot 1.4.1 Release
2) Spring 4.2
3) Spring Security 4.0
4) Maven 4.0
5) JDK 1.7
6) Postman Rest Client Project Structure is as given below :
Below is the code given :
Application.java : main class to run Spring Boot Application
ApplicationInitializer.java : used to initialize front controller of Spring boot application
StudentController.java : Spring Boot Controller
Student.java : Plain Java Object used
now I am going to test this application using POSTMAN Client:
invalid credentials : error message will come in response
valid credentials : Response will be obtained
Thanks for going through this article. for any query ping me on npjava90@gmail.com
Basic Authentication : where authentication header is added which contains combination of username and password in format as : authentication username:password in encrypted form. whenever you call REST API ,you need to present username and password in order to gain access to that API. There may be requirement that endpoint URL which are exposed as REST API need to best secured. that's all.
let's go ahead with coding part.
I am going to use java based configuration in order to setup spring security in this example.
Technology stack is being used:
1) Spring Boot 1.4.1 Release
2) Spring 4.2
3) Spring Security 4.0
4) Maven 4.0
5) JDK 1.7
6) Postman Rest Client Project Structure is as given below :
Below is the code given :
Application.java : main class to run Spring Boot Application
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | package com.basicSecurity.config; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.context.web.SpringBootServletInitializer; import org.springframework.context.annotation.ComponentScan; @ComponentScan(basePackages = "com.basicSecurity") @SpringBootApplication public class Application extends SpringBootServletInitializer{ public static void main(String[] args) { SpringApplication.run(Application.class, args); } } |
ApplicationInitializer.java : used to initialize front controller of Spring boot application
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | package com.basicSecurity.config; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.ServletRegistration; import org.springframework.web.WebApplicationInitializer; import org.springframework.web.context.support.AnnotationConfigWebApplicationContext; import org.springframework.web.servlet.DispatcherServlet; //WebApplicationInitializer used to init front controller programatically public class ApplicationInitializer implements WebApplicationInitializer { public void onStartup(ServletContext container) throws ServletException { AnnotationConfigWebApplicationContext ctx = new AnnotationConfigWebApplicationContext(); ctx.setServletContext(container); ServletRegistration.Dynamic servlet = container.addServlet("dispatcher", new DispatcherServlet(ctx)); servlet.setLoadOnStartup(1); servlet.addMapping("/"); } } |
AuthenticationEntryPoint.java : will be triggered when wrong/invalid credentials passed.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | package com.basicSecurity.config; import java.io.IOException; import java.io.PrintWriter; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint; import org.springframework.stereotype.Component; //BasicAuthenticationEntryPoint that will be triggered when wrong credentials passed & response will be returned @Component public class AuthenticationEntryPoint extends BasicAuthenticationEntryPoint { @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authEx) throws IOException, ServletException { response.addHeader("WWW-Authenticate", "Basic realm=" +getRealmName()); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); PrintWriter writer = response.getWriter(); writer.println("HTTP Status 401:" + authEx.getMessage()); } @Override public void afterPropertiesSet() throws Exception { setRealmName("nppstack"); super.afterPropertiesSet(); } } |
SpringSecurityConfig.java : WebSecurityConfigurerAdapter class used for intializing spring security features using java configuration.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | package com.basicSecurity.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; //WebSecurityConfigurerAdapter and @EnableWebSecurity work together @Configuration @EnableWebSecurity public class SpringSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private AuthenticationEntryPoint authEntryPoint; @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .anyRequest().authenticated() .and().httpBasic() .authenticationEntryPoint(authEntryPoint); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication().withUser("npp").password("npp").roles("USER"); } } |
StudentController.java : Spring Boot Controller
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 | package com.basicSecurity.controller; import java.util.Arrays; import java.util.List; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import com.basicSecurity.model.Student; @Controller public class StudentController { @RequestMapping(path="/Student", method = RequestMethod.GET) public ResponseEntity<List<Student>> listStudent(){ return new ResponseEntity<List<Student>>(getStudents(), HttpStatus.OK); } @RequestMapping(path="/Student/{id}", method = RequestMethod.GET) public ResponseEntity<List<Student>> listStudent(@PathVariable(value = "id") String id){ List<Student> Students = getStudents(); if(Students.isEmpty()){ return new ResponseEntity<List<Student>>(HttpStatus.NO_CONTENT); } return new ResponseEntity<List<Student>>(Students, HttpStatus.OK); } private List<Student> getStudents() { Student Student1 = new Student(); Student1.setId("1"); Student1.setEmail("np90@gmail.com"); Student1.setName("nisarg"); Student1.setAddress("Bangalore, Karnataka"); Student Student2 = new Student(); Student2.setId("2"); Student2.setEmail("mohitp@yahoo.com"); Student2.setName("Mohit patel"); Student2.setAddress("Orissa"); Student Student3 = new Student(); Student3.setId("3"); Student3.setEmail("krishnkumar@gmail.com"); Student3.setName("krishn kumar"); Student3.setAddress("Bangalore, Karnataka"); Student Student4 = new Student(); Student4.setId("4"); Student4.setEmail("prakashshah@gmail.com"); Student4.setName("Prakash shah"); Student4.setAddress("Ahmedabad, Gujarat"); return Arrays.asList(Student1, Student2, Student3, Student4); } } |
Student.java : Plain Java Object used
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | package com.basicSecurity.model; public class Student { private String id; private String name; private String address; private String email; public String getId() { return id; } public void setId(String id) { this.id = id; } public String getName() { return name; } public void setName(String name) { this.name = name; } public String getAddress() { return address; } public void setAddress(String address) { this.address = address; } public String getEmail() { return email; } public void setEmail(String email) { this.email = email; } } |
now I am going to test this application using POSTMAN Client:
invalid credentials : error message will come in response
valid credentials : Response will be obtained
Thanks for going through this article. for any query ping me on npjava90@gmail.com
