Spring Boot + REST Jersey (Adding Spring Security 4) Part 4

In the previous post, Spring Boot + REST Jersey (Adding Spring HATEOAS and MapStruct) Part 3, we explained step by step how to use HATEOAS with Spring Boot. We are going to use that project as the base to implement Spring Security with basic authentication.

Step 1: Configuration

Spring Boot has starter dependencies that make it easy to add new modules to an application. In this example we will add the spring-boot-starter-security dependency as follows:


Step 2: Modifying our Repository

In the post Spring Boot + REST Jersey (Adding Spring HATEOAS and MapStruct) Part 3 we created the repositories UserRepository and RoleRepository. In this example we are going to add a method to UserRepository that will find a user by username.

package com.raidentrance.repositories;

import org.springframework.data.repository.CrudRepository;
import com.raidentrance.entities.User;

/**
 * @author raidentrance
 */
public interface UserRepository extends CrudRepository<User, Integer> {
	// Looks up a single user by its username
	User findByUsername(String username);
}

We don’t need to implement the method findByUsername(String username) because Spring Data will create the implementation based on a naming convention.

Step 3: Adding an AuthenticatorService

AuthenticatorService is responsible for executing the authentication in the application. Its logic is: find a user and its role and return them. We don’t need to write logic to compare users or passwords; Spring does that for us.

package com.raidentrance.service;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import com.raidentrance.entities.User;
import com.raidentrance.repositories.UserRepository;

/**
 * @author raidentrance
 */
@Service
public class AuthenticatorService implements UserDetailsService {
	@Autowired
	private UserRepository userRepository;

	private static final Logger LOG = LoggerFactory.getLogger(AuthenticatorService.class);

	// Called by Spring Security to load the stored user; Spring compares the password afterwards
	@Override
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
		LOG.info("Trying to authenticate to {}", username);
		User user = userRepository.findByUsername(username);
		if (user == null) {
			throw new UsernameNotFoundException("Username " + username + " not found");
		} else {
			Collection<? extends GrantedAuthority> authorities = getGrantedAuthorities(user);
			return new org.springframework.security.core.userdetails.User(username, user.getPassword(), authorities);
		}
	}

	// Maps the user's role name to a single GrantedAuthority
	private Collection<? extends GrantedAuthority> getGrantedAuthorities(User user) {
		List<GrantedAuthority> list = new ArrayList<GrantedAuthority>();
		list.add(new GrantedAuthority() {
			private static final long serialVersionUID = 2409931876244987359L;

			@Override
			public String getAuthority() {
				return user.getRole().getName();
			}
		});
		return list;
	}
}

Step 4: Configuring Spring security

Once we have created the AuthenticatorService, we need to define which endpoints require authentication.

package com.raidentrance.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import com.raidentrance.service.AuthenticatorService;

/**
 * @author raidentrance
 */
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
	@Autowired
	private AuthenticatorService authenticatorService;

	@Autowired
	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
		// Users are looked up through the AuthenticatorService
		auth.userDetailsService(authenticatorService);
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// Assumption: every request requires authentication, using HTTP Basic
		http.authorizeRequests().anyRequest().authenticated().and().httpBasic();
	}
}

The method configureGlobal defines which component looks up the user; in this example it is the AuthenticatorService created previously.

The method configure defines the protected URLs and the authentication mechanism. In this example we are going to use Basic authentication.

Endpoint: http://localhost:8080/users

Header: Authorization: Basic cmFpZGVudHJhbmNlOnN1cGVyU2VjcmV0

How to create the header

The value of the Authorization header is created in the following way:

Authorization: Basic : This is the name of the header (Authorization) followed by the authentication mechanism (Basic).

cmFpZGVudHJhbmNlOnN1cGVyU2VjcmV0 : This is the value. It is user:password encoded in base64; here it is raidentrance:superSecret in base64.

Testing with CURL

curl http://localhost:8080/users -XGET --user raidentrance:superSecret

Testing with Postman



You can find the complete code at the following link: https://github.com/raidentrance/spring-boot-example/tree/part4-adding-security


Author: Alejandro Agapito Bautista

Twitter: @raidentrance



