{"id":19827355,"url":"https://github.com/sandysanthosh/spring-boot-security","last_synced_at":"2026-04-13T06:32:39.059Z","repository":{"id":37825741,"uuid":"212867606","full_name":"sandysanthosh/Spring-Boot-Security","owner":"sandysanthosh","description":"Spring boot security ","archived":false,"fork":false,"pushed_at":"2023-01-29T15:50:14.000Z","size":68,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-11T09:24:05.186Z","etag":null,"topics":["maven","security","spring","springboot"],"latest_commit_sha":null,"homepage":"https://sandysanthosh.github.io/Spring-Boot-Security/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sandysanthosh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-10-04T17:21:55.000Z","updated_at":"2022-06-16T05:33:28.000Z","dependencies_parsed_at":"2023-02-15T23:45:38.712Z","dependency_job_id":null,"html_url":"https://github.com/sandysanthosh/Spring-Boot-Security","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sandysanthosh%2FSpring-Boot-Security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sandysanthosh%2FSpring-Boot-Security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sandysanthosh%2FSpring-Boot-Security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sandysanthosh%2FSpring-Boot-Security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sandysan
thosh","download_url":"https://codeload.github.com/sandysanthosh/Spring-Boot-Security/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241183667,"owners_count":19923930,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["maven","security","spring","springboot"],"created_at":"2024-11-12T11:13:05.623Z","updated_at":"2025-10-18T20:30:12.796Z","avatar_url":"https://github.com/sandysanthosh.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# spring-basic-security\n\nSpring Security: Basic Authentication and Authorization using Spring Boot\n\n\nIn a Spring Boot application, you can double-check that a user is authenticated by using Spring Security. One way to do this is to create a custom filter that checks if the user is authenticated and has the necessary roles or permissions to access a certain resource. You can then configure your application to use this filter for specific URLs or request types. Additionally, you can use the **SecurityContextHolder** to check if the current user is authenticated and has the necessary roles or authorities. 
You can also use the **@PreAuthorize** and **@PostAuthorize** annotations to check the authentication and authorization of a user before or after a method is called.\n\n\nDependency:\n\n```\nDevTools\nSecurity\nWeb\n```\n\n### Example:\n\n```\n\n@SuppressWarnings(\"deprecation\")\n@Configuration\npublic class springsecurity extends WebSecurityConfigurerAdapter {\n\n// In-memory users for the demo\n@Override\nprotected void configure(AuthenticationManagerBuilder auth) throws Exception {\n\nauth.inMemoryAuthentication().withUser(\"Java Techie\").password(\"Password\").roles(\"ADMIN\");\nauth.inMemoryAuthentication().withUser(\"Basant\").password(\"Password2\").roles(\"USER\");\n\n}\n\n//Security for all API\n\n@Override\n\tprotected void configure(HttpSecurity http) throws Exception {\n\t\thttp.csrf().disable();\n\t\thttp.authorizeRequests().antMatchers(\"/rest/**\").hasAnyRole(\"ADMIN\").anyRequest().fullyAuthenticated().and()\n\t\t\t\t.httpBasic();\n\t}\n\n// NoOpPasswordEncoder compares passwords as plain text (deprecated; demo use only)\n@Bean\n\tpublic static NoOpPasswordEncoder passwordEncoder() {\n\t\treturn (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();\n\t}\n}\n\n```\n\n#### Custom filter that checks if a user is authenticated and has the necessary role to access a certain resource:\n\n```\n\nimport java.io.IOException;\nimport javax.servlet.FilterChain;\nimport javax.servlet.ServletException;\nimport javax.servlet.ServletRequest;\nimport javax.servlet.ServletResponse;\nimport javax.servlet.http.HttpServletRequest;\nimport org.springframework.security.core.Authentication;\nimport org.springframework.security.core.context.SecurityContextHolder;\nimport org.springframework.web.filter.GenericFilterBean;\n\n// TokenAuthenticationService is an application-specific helper that is not defined in this README\npublic class AuthenticationFilter extends GenericFilterBean {\n\n    @Override\n    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)\n            throws IOException, ServletException {\n        Authentication authentication = TokenAuthenticationService\n                
.getAuthentication((HttpServletRequest) request);\n        SecurityContextHolder.getContext().setAuthentication(authentication);\n        filterChain.doFilter(request, response);\n    }\n}\n\n```\n\nThis filter uses the **TokenAuthenticationService** to extract the authentication information from the request and sets it in the **SecurityContextHolder**. You can then configure your application to use this filter for specific URLs or request types.\n\n\nHere is an example of using the **@PreAuthorize** and **@PostAuthorize** annotations to check the authentication and authorization of a user before or after a method is called:\n\n\n```\n@PreAuthorize(\"hasRole('ROLE_ADMIN')\")\n@PostAuthorize(\"hasRole('ROLE_USER')\")\npublic void getResource() {\n    //resource logic\n}\n\n```\n\nThis code checks if the user has the role of ROLE_ADMIN before the method is executed and if the user has the role of ROLE_USER after the method is executed.\n\nIn addition, you can use the following code to check authentication:\n\n\n```\n@RequestMapping(\"/user\")\npublic Principal user(Principal user) {\n    return user;\n}\n\n```\n\nThis code returns the user details of the currently logged-in user.\n\nPlease note, this is only an example and you may need to adjust it to fit the specific needs of your application.\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsandysanthosh%2Fspring-boot-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsandysanthosh%2Fspring-boot-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsandysanthosh%2Fspring-boot-security/lists"}