Chapter 4. Securing Spring


This chapter covers

  • Autoconfiguring Spring Security
  • Defining custom user storage
  • Customizing the login page
  • Securing against CSRF attacks
  • Knowing your user

Have you ever noticed that most people in television sitcoms don’t lock their doors? In the days of Leave It to Beaver, it wasn’t so unusual for people to leave their doors unlocked. But it seems crazy that in a day when we’re concerned with privacy and security, we see television characters enabling unhindered access to their apartments and homes.

Information is probably the most valuable item we now have; crooks are looking for ways to steal our data and identities by sneaking into unsecured applications. As software developers, we must take steps to protect the information that resides in our applications. Whether it’s an email account protected with a username-password pair or a brokerage account protected with a trading PIN, security is a crucial aspect of most applications.

4.1. Enabling Spring Security

The very first step in securing your Spring application is to add the Spring Boot security starter dependency to your build. In the project’s pom.xml file, add the following <dependency> entry:


4.2. Configuring Spring Security

4.3. Securing web requests

4.4. Knowing your user