The simplest possible authentication mechanism is basic authentication (http://en.wikipedia.org/wiki/Basic_access_authentication). In a nutshell, our pages will not be available without username and password.
Our server will indicate our resources are secured by sending the 401 Not Authorized
HTTP status code and generate a WWW-Authenticate
header.
To successfully pass the security check, the client must send an Authorization
header containing the Basic
value followed by a base 64 encoding of the user:password
string. A browser window will prompt the user for a username and a password, granting them access to the secured pages if authentication is successful.
Let's add Spring Security to our dependencies:
compile 'org.springframework.boot:spring-boot-starter-security'
Relaunch your application and navigate to any URL in your application. You will be prompted for a username and a password:
If you fail to authenticate, you will see that a 401
error is thrown. The default username...