{"id":22610846,"url":"https://github.com/sshehrozali/spring-security-basicauth-example","last_synced_at":"2026-05-09T10:37:54.821Z","repository":{"id":60703408,"uuid":"543947656","full_name":"sshehrozali/spring-security-basicAuth-example","owner":"sshehrozali","description":"An example application to demonstrate the use of HTTP BasicAuth using Spring Security framework.","archived":false,"fork":false,"pushed_at":"2023-06-14T22:27:06.000Z","size":172,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-03T09:46:59.883Z","etag":null,"topics":["base64","basic-auth","csrf","http-basic-auth","security","spring-boot","spring-framework","spring-security"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sshehrozali.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-10-01T08:20:56.000Z","updated_at":"2022-10-07T09:14:45.000Z","dependencies_parsed_at":"2025-02-03T09:40:56.066Z","dependency_job_id":"f5bac10d-abfd-4ad0-8604-0d7c476dd7b0","html_url":"https://github.com/sshehrozali/spring-security-basicAuth-example","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sshehrozali%2Fspring-security-basicAuth-example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sshehrozali%2Fspring-security-basicAuth-example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitH
ub/repositories/sshehrozali%2Fspring-security-basicAuth-example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sshehrozali%2Fspring-security-basicAuth-example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sshehrozali","download_url":"https://codeload.github.com/sshehrozali/spring-security-basicAuth-example/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246112666,"owners_count":20725301,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["base64","basic-auth","csrf","http-basic-auth","security","spring-boot","spring-framework","spring-security"],"created_at":"2024-12-08T16:08:19.988Z","updated_at":"2026-05-09T10:37:54.771Z","avatar_url":"https://github.com/sshehrozali.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Overview\nThe application demonstrates the most common use of **Spring Security**: the **BasicAuth** pattern, used to authenticate the different users of the system. Check out the `ApplicationSecurityConfig` class to better understand the behaviour of the BasicAuth pattern.\n\n### BasicAuth\nBasicAuth is the most common approach to easily introduce authentication into your system by securing your endpoints (except those you whitelist explicitly using `.antMatchers()` and `.permitAll()`). 
It works by sending the _username_ and _password_ in the request headers, encoded with **Base64**; the server then reads them and matches them against the stored username and password.\n\n#### How does it work?\n![](misc/basicauth.png)\n\n#### Implementation\nTo implement HTTP BasicAuth in your Spring application, override the `configure(HttpSecurity http)` method, call `.httpBasic()` on `http`, and use the classes below to secure your REST endpoints. Check out the `ApplicationSecurityConfig` class under the `security` package to understand more about the implementation. \n\n* #### `InMemoryUserDetailsManager`\nThe application currently uses this class to store multiple `UserDetails` objects in memory. The users are created **in-memory** when the system starts, i.e. nothing is persisted beyond the lifetime of the running application.\n\n* #### `BCryptPasswordEncoder`\nThe application uses this encoder to hash the raw plain-text password before storing the `UserDetails` in-memory, as required by Spring Security. Check out the `PasswordConfig` class to understand the usage. The `PasswordEncoder` is injected into the `ApplicationSecurityConfig` class through its constructor, which is annotated with `@Autowired`. `UserDetails.builder().password()` is passed `passwordEncoder.encode(_your-password_)`, which hashes the password before it is stored in-memory.\n\n### Roles \u0026 Permissions\nThe project uses Java `enum`s (see the `security` package) to define roles and permissions in the system. The system contains two roles:\n* `ADMIN`: Full access to the system. Includes all READ, WRITE exclusive permissions.\n* `STUDENT`: Limited access. 
Can READ information but has limited WRITE access.\n\nThe diagram below represents the encapsulated version.\n\n![](misc/roles_permissions.png)\n\n### Authentication\nThe application supports two forms of authentication:\n\n* #### ROLE based authentication\nRole-based authentication works by reading the `.roles(_ROLE_)` specified for each in-memory `UserDetails` object. Each endpoint is specified using `.antMatchers(_ENDPOINT_)` and `.hasRole(_ROLE_)`, so only requests from users with the matching role are forwarded and all others are blocked. Check out the `ApplicationUserRoles` and `ApplicationUserPermissions` enums to understand more about the implementation.\n\n* #### PERMISSION based authentication\nPermission-based authentication works by checking the type of each incoming request and granting access based on the permissions specified for that request method. Each `StudentManagement` API endpoint is specified in `.antMatchers(_ENDPOINT_)` together with `.hasAuthority(_PERMISSION_)`. `.authorities()` is also specified for each in-memory `UserDetails` object. Check out the `ApplicationUserRoles` and `ApplicationUserPermissions` enums to understand more about the implementation.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsshehrozali%2Fspring-security-basicauth-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsshehrozali%2Fspring-security-basicauth-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsshehrozali%2Fspring-security-basicauth-example/lists"}