The Spring Boot application that was created in previous chapters is necessary.
Spring Security (https://spring.io/projects/spring-security) provides security services for Java-based web applications. The Spring Security project started in 2003 and was previously named The Acegi Security System for Spring.
By default, Spring Security enables the following features:
- An
AuthenticationManager
bean with an in-memory single user. The username isuser
and the password is printed to the console output. - Ignored paths for common static resource locations, such as
/css
,/images
, and more. - HTTP basic security for all other endpoints.
- Security events published to Spring
ApplicationEventPublisher
. - Common low-level features are on by default (HSTS, XSS, CSRF, and so forth).
You can include Spring Security in your application by adding the following dependency to the pom.xml
file:
<dependency> <groupId>org.springframework.boot</groupId> <artifactId...