- Spring Security handles authentication and authorization inside our application.
- authentication - who the caller is: whether the user is able to log in or not.
- authorization - what the logged-in user is allowed to do: which roles they have (admin or plain user), and whether they get only read access or also write access.
- Configuration (add to pom.xml):
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
- Adding the above dependency secures each and every endpoint: to access any endpoint we now need a username and password.
- By default Spring Security uses HTTP Basic authentication.
- HTTP Basic authentication - the client (frontend/Postman) sends an Authorization header:
    Authorization: Basic <encoded-string>
  The server/backend decodes the string and extracts the required parts, i.e. the username and password. If they are correct, access is granted; otherwise a 401 Unauthorized error is returned. The encoded-string is "username:password" encoded in base64 - encoding only, not encryption, so anyone who can read the header can read the password, which is why Basic auth should only be used over HTTPS.
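Worked example (added here, not part of the original notes and not Spring's own code) of what the client builds and what the server decodes for the Basic scheme described above. The class name BasicAuthHeader and the sample credentials are assumptions; the parser returns empty for a missing, non-Basic or malformed header instead of throwing, so a caller can map that straight to a 401.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

// Hypothetical helper: builds and parses the value of an HTTP Basic Authorization header.
public final class BasicAuthHeader {

    public record Credentials(String username, String password) {}

    private static final String PREFIX = "Basic ";

    // Client side: "username:password" -> base64 -> "Basic <encoded-string>".
    public static String encode(String username, String password) {
        String joined = username + ":" + password;
        return PREFIX + Base64.getEncoder()
                .encodeToString(joined.getBytes(StandardCharsets.UTF_8));
    }

    // Server side: reverse the encoding. Empty result = reject with 401 Unauthorized.
    public static Optional<Credentials> parse(String authorizationHeader) {
        if (authorizationHeader == null) {
            return Optional.empty(); // no header at all
        }
        // Scheme name is case-insensitive per RFC 7617
        if (!authorizationHeader.regionMatches(true, 0, PREFIX, 0, PREFIX.length())) {
            return Optional.empty(); // some other scheme, e.g. Bearer
        }
        String encoded = authorizationHeader.substring(PREFIX.length()).trim();
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(encoded);
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // not valid base64
        }
        String decoded = new String(raw, StandardCharsets.UTF_8);
        // Username may not contain ':', so split on the first one; the password may contain more.
        int colon = decoded.indexOf(':');
        if (colon < 0) {
            return Optional.empty(); // no "username:password" structure
        }
        return Optional.of(new Credentials(decoded.substring(0, colon), decoded.substring(colon + 1)));
    }

    public static void main(String[] args) {
        // Constructed sample credentials, not real ones.
        String header = encode("user", "s3cret");
        System.out.println("Client sends:  Authorization: " + header);

        parse(header).ifPresentOrElse(
                c -> System.out.println("Server reads:  user=" + c.username() + " password=" + c.password()),
                () -> System.out.println("Server reads:  nothing -> 401"));

        // The failure cases a server must handle without crashing:
        System.out.println("Bearer token:  " + parse("Bearer abc.def.ghi").isPresent());
        System.out.println("Bad base64:    " + parse("Basic %%%not-base64%%%").isPresent());
        System.out.println("No colon:      " + parse("Basic " + Base64.getEncoder()
                .encodeToString("justausername".getBytes(StandardCharsets.UTF_8))).isPresent());
    }
}
```

Running main shows that the "encoded" password comes straight back out of the header, which is the whole reason Basic credentials must only travel over TLS. Spring Security does the server half of this inside its BasicAuthenticationFilter; you do not write this parser yourself in a Spring Boot app.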
- If you have not created any user yourself, Spring will automatically create one and print a generated password in the console logs for your use; the username will be:
    user
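The two concepts from the top of the notes, authentication (who can log in) and authorization (which roles may read or write), in one Spring Security 6 configuration. This is an added example, not code from the original notes or from the Spring project. It replaces the auto-generated "user" account with two in-memory users; the usernames, sample passwords, the /api/notes path and the READER/ADMIN role names are all assumptions made for the illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // AUTHORIZATION: which role may do what. Rules are matched top to bottom,
    // so the narrower GET rule must come before the catch-all /api/** rule.
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // read access: both roles may GET
                .requestMatchers(HttpMethod.GET, "/api/**").hasAnyRole("READER", "ADMIN")
                // write access (POST/PUT/DELETE under /api): admins only
                .requestMatchers("/api/**").hasRole("ADMIN")
                // everything else still requires a logged-in user
                .anyRequest().authenticated())
            // keep the default HTTP Basic scheme the notes describe
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }

    // AUTHENTICATION: who can log in. Defining this bean stops Spring from
    // generating the default "user" account and console password.
    @Bean
    UserDetailsService users(PasswordEncoder encoder) {
        // Constructed sample accounts; in a real app these come from a database.
        UserDetails reader = User.withUsername("reader")
                .password(encoder.encode("reader-sample-password"))
                .roles("READER")              // stored as ROLE_READER, matches hasRole("READER")
                .build();
        UserDetails admin = User.withUsername("admin")
                .password(encoder.encode("admin-sample-password"))
                .roles("ADMIN")
                .build();
        return new InMemoryUserDetailsManager(reader, admin);
    }

    // Never store plain-text passwords; BCrypt hashes them with a per-password salt.
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

// Hypothetical endpoints used to exercise the rules above.
@RestController
class NotesController {

    @GetMapping("/api/notes")          // reader -> 200, admin -> 200, no header -> 401
    public String list() {
        return "[]";
    }

    @PostMapping("/api/notes")         // reader -> 403, admin -> 200, no header -> 401
    public String create() {
        return "created";
    }
}
```

Three outcomes are worth distinguishing when you test this with Postman or curl: no or wrong credentials gives 401 Unauthorized (authentication failed), a valid reader POSTing gives 403 Forbidden (authenticated, but not authorized), and a valid admin gets 200.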