Customize Spring Security to permit all requests





Hey guys, in this post we will discuss customizing Spring Security to allow all requests. This is a continuation of the previous post, so make sure to check it before proceeding.

Complete example


Let’s create a Spring Boot project step by step and add Spring Security to the application.

Create spring boot project


There are many different ways to create a spring boot application, you can follow the below articles to create one –

>> Create spring boot application using Spring initializer
>> Create spring boot application in Spring tool suite [STS]
>> Create spring boot application in IntelliJ IDEA

Add maven dependencies


Open pom.xml and add the following dependencies –

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.4.5</version>
		<relativePath/> <!-- lookup parent from repository -->
	</parent>
	<groupId>in.bushansirgur</groupId>
	<artifactId>springsecurityproject</artifactId>
	<version>v1</version>
	<name>springsecurityproject</name>
	<description>Spring security project</description>
	<properties>
		<java.version>1.8</java.version>
	</properties>
	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-test</artifactId>
			<scope>test</scope>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>

</project>

The spring-boot-starter-web dependency is for building web applications using Spring MVC. It uses Tomcat as the default embedded container. The spring-boot-starter-security dependency adds Spring Security to the application.

Change the username and password


Spring Security also provides an option to change the default username and password with the help of the application.properties file.

spring.security.user.name=b2tech
spring.security.user.password=b2tech

Inside the properties file, we are adding our own username and password to access the URIs instead of the ones provided by Spring Security. By adding these two properties, we have customized the username and password of the Spring Security framework.




Once we add these two properties, Spring Security will no longer generate a password in the console when we run the app.

Create a Rest controller


Create HomeController.java inside the in.bushansirgur.springboot.controller package and add the following content

package in.bushansirgur.springboot.controller;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HomeController {
	
	@RequestMapping("/home")
	public String showHomePage () {
		return "displaying the home page contents";
	}
	
	@RequestMapping("/protected")
	public String protectedPage () {
		return "displaying the protected page contents";
	}
}

We have created two handler methods: showHomePage(), which is mapped to /home and is meant to be accessible to anyone, and protectedPage(), which is mapped to /protected and is meant for authorized users only.

Create a configuration class


Let’s customize Spring Security to permit all the URIs. Create ProjectSecurityConfig.java inside the in.bushansirgur.springboot.config package and add the following content.

package in.bushansirgur.springboot.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
public class ProjectSecurityConfig extends WebSecurityConfigurerAdapter {

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		//config to permit all the requests
		
		http.authorizeRequests().anyRequest().permitAll()
		.and()
		.formLogin()
		.and()
		.httpBasic();
		
	}
}

Here we are calling the permitAll() method for all the requests using anyRequest() on the HttpSecurity object. This will permit all the requests irrespective of the URI, so /protected is accessible without logging in, just like /home.

Run the app


Run the application using the below maven command –

mvn spring-boot:run

Open the browser and enter the following URL –
http://localhost:8080/protected
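
The browser check above can also be automated. The following test is an added example, not part of the original post: it uses the spring-boot-starter-test and spring-security-test dependencies already in pom.xml, and it assumes the application's main class lives in the in.bushansirgur.springboot package (the class name PermitAllSecurityTests is hypothetical).

```java
package in.bushansirgur.springboot;

import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;

// Added example: hypothetical test class, placed under src/test/java in a
// package at or below the application's main class (assumed here to be
// in.bushansirgur.springboot).
@SpringBootTest
@AutoConfigureMockMvc
class PermitAllSecurityTests {

	@Autowired
	private MockMvc mockMvc;

	// No credentials at all: anyRequest().permitAll() lets the request through.
	@Test
	void homeIsReachableWithoutCredentials() throws Exception {
		mockMvc.perform(get("/home"))
			.andExpect(status().isOk())
			.andExpect(content().string("displaying the home page contents"));
	}

	// The URI named /protected is just as open under this configuration.
	@Test
	void protectedIsReachableWithoutCredentials() throws Exception {
		mockMvc.perform(get("/protected")).andExpect(status().isOk());
	}

	// permitAll() skips authorization, not authentication: httpBasic() is
	// still enabled, so credentials that are sent are checked and a wrong
	// password is rejected with 401.
	@Test
	void wrongBasicCredentialsAreStillRejected() throws Exception {
		mockMvc.perform(get("/protected").with(httpBasic("b2tech", "wrong-password")))
			.andExpect(status().isUnauthorized());
	}
}
```

Run it with mvn test. If the second test passes in a build where /protected is supposed to require a login, the permit-all rule is still in effect.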

That’s it for this post. If you like it, consider sharing it with your friends and colleagues or on social media.



Bushan Sirgur

Hey guys, I am Bushan Sirgur from Bangalore, India. Currently, I am working as an Associate project in an IT company.

This Post Has One Comment

  1. blahblah

    “denyAll()” wrong… it says .permitAll()…
