{"id":94444,"date":"2019-07-22T13:00:06","date_gmt":"2019-07-22T10:00:06","guid":{"rendered":"http:\/\/www.javacodegeeks.com\/?p=94444"},"modified":"2019-07-29T09:08:02","modified_gmt":"2019-07-29T06:08:02","slug":"simple-authentication-spring-security","status":"publish","type":"post","link":"https:\/\/www.javacodegeeks.com\/2019\/07\/simple-authentication-spring-security.html","title":{"rendered":"Simple Authentication with Spring Security"},"content":{"rendered":"<p><span style=\"font-size: 20px;\"><strong>Friends don\u2019t let friends write user auth. Tired of managing your own users?<\/strong><a href=\"https:\/\/developer.okta.com\/signup\/?utm_campaign=text_website_all_multiple_dev_dev_spring-security-authentication_null&#038;utm_source=jcg&#038;utm_medium=cpc\" target=\"_blank\" rel=\"noreferrer noopener\"> Try Okta\u2019s API and Java SDKs today. Authenticate, manage, and secure users in any application within minutes.<\/a><\/p>\n<p>Authentication is vital to all but the most basic web applications. Who is making the request, wanting data, or wanting to update or delete data? Can you be sure that the request is coming from the stated user or agent? Answering this question with certainty is hard in today\u2019s computer security environment. Fortunately, there is absolutely no reason to reinvent the wheel.<\/p>\n<p>Spring Boot with Spring Security is a powerful combination for web application development. With relatively few lines of code, you can implement a variety of authentication systems. These systems are tested, updated, and implemented according to specifications by experts.<\/p>\n<p>In this tutorial, you are going to build a very simple Spring Boot app that starts with basic-auth and progresses through form-based authentication, custom form-based authentication, and OAuth 2.0 \/ OpenID Connect using Okta as the OAuth provider. We will also look at SAML auth. The Spring Security SAML implementation, however, is currently in transition and not updated to the most current version of Spring Boot.<\/p>\n<p>This tutorial looks specifically at authentication, leaving authorization for another day. Authentication answers the question: who is making the request. Authorization comes after authentication and answers the question: is the authenticated user allowed to make the specific request?<\/p>\n<h2 class=\"wp-block-heading\" id=\"assumptions-authentication-spring-security\">Requirements and Assumptions for Authentication with Spring Security<\/h2>\n<p>This tutorial assumes a basic familiarity with Java and Spring Boot. The project utilizes the Gradle build system (because I find Groovy DSL endlessly preferable to XML). You do not need Gradle installed, however, since all projects include the Gradle wrapper.<\/p>\n<p>You do not need a comprehensive understanding of OAuth 2.0 and OpenID Connect (OIDC) &#8211; thankfully, because it\u2019s complex, detailed, and sprawling at times. I\u2019m still working to understand many aspects of it. However, a basic understanding would be helpful. If you want to go deeper, there are some links at the end of the article that can help you.<\/p>\n<p>Very (very) briefly, OAuth 2.0 is the second major version of Open Authorization, an open-source authorization specification. From&nbsp;<a href=\"https:\/\/oauth.net\/2\/\">the OAuth spec committee<\/a>: \u201cOAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.\u201d Notice two things: 1) it\u2019s authorization only, so no authentication; and 2) it\u2019s a specification, so there\u2019s no implementation. OIDC builds on top of OAuth 2.0 to add an identity layer (authentication) using a well-defined token.<\/p>\n<h2 class=\"wp-block-heading\" id=\"spring-security-authentication-okta\">Spring Security Authentication with Okta<\/h2>\n<p>Okta is an identity access and management company that provides a whole host of software-as-service identity products. We have an implementation of OAuth 2.0 and OpenID Connect that makes adding single sign-on (SSO) to a Spring Boot app easy.<\/p>\n<p>Our API enables you to:<\/p>\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/developer.okta.com\/product\/authentication\/?utm_campaign=text_website_all_multiple_dev_dev_spring-security-authentication_null&amp;utm_source=jcg&amp;utm_medium=cpc\">Authenticate<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/developer.okta.com\/product\/authorization\/?utm_campaign=text_website_all_multiple_dev_dev_spring-security-authentication_null&amp;utm_source=jcg&amp;utm_medium=cpc\">authorize<\/a>&nbsp;your users<\/li>\n<li>Store data about your users<\/li>\n<li>Perform password-based and&nbsp;<a href=\"https:\/\/developer.okta.com\/authentication-guide\/social-login\/?utm_campaign=text_website_all_multiple_dev_dev_spring-security-authentication_null&amp;utm_source=jcg&amp;utm_medium=cpc\">social login<\/a><\/li>\n<li>Secure your application with&nbsp;<a href=\"https:\/\/developer.okta.com\/use_cases\/mfa\/?utm_campaign=text_website_all_multiple_dev_dev_spring-security-authentication_null&amp;utm_source=jcg&amp;utm_medium=cpc\">multi-factor authentication<\/a><\/li>\n<li>And much more! Check out our&nbsp;<a href=\"https:\/\/developer.okta.com\/documentation\/?utm_campaign=text_website_all_multiple_dev_dev_spring-security-authentication_null&amp;utm_source=jcg&amp;utm_medium=cpc\">product documentation<\/a>&nbsp;for more information<\/li>\n<\/ul>\n<p><a href=\"https:\/\/developer.okta.com\/signup\/?utm_campaign=text_website_all_multiple_dev_dev_spring-security-authentication_null&amp;utm_source=jcg&amp;utm_medium=cpc\">Register for a forever-free developer account<\/a>, and when you\u2019re done, come back to learn more about building authentication with Spring Boot and Spring Security.<\/p>\n<p>Other than that, you need a computer and a web browser. And if you didn\u2019t have those, well, how would you be here?<\/p>\n<h2 class=\"wp-block-heading\" id=\"download-spring-security\">Download the Spring Security Example Apps <\/h2>\n<p>Go ahead and download the example apps from this tutorial\u2019s&nbsp;<a href=\"https:\/\/github.com\/oktadeveloper\/okta-spring-security-authentication-example\">GitHub repository<\/a>. <\/p>\n<pre class=\"gutter: false;brush:bash\">git clone https:\/\/github.com\/oktadeveloper\/okta-spring-security-authentication-example.git<\/pre>\n<p>In the project you will see three directories: <\/p>\n<ul class=\"wp-block-list\">\n<li><code style=\"font-size:13px\">basic-auth<\/code><\/li>\n<li><code style=\"font-size:13px\">form-auth<\/code><\/li>\n<li><code style=\"font-size:13px\">okta-oauth<\/code><\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\">Dive Into Basic Authentication with Spring Security <\/h2>\n<p>Basic authentication is by far the easiest method. Unfortunately, it was designed for simpler times on the internet. It\u2019s not really functional for professional applications. I\u2019ve used it for in-house tools on occasion when I needed something simple and quick to keep casual surfers off of a page. However, basic auth sends a users credentials in essentially plain text (base64 encoded) in the HTTP authentication header. Thus basic auth should&nbsp;<strong>always<\/strong>&nbsp;be combined with SSL to protect the user credentials. Basic auth also uses a browser-generated popup panel for retrieving the user credentials. The panel cannot be styled or customized.<\/p>\n<p>First, take a look at the&nbsp;<code style=\"font-size:13px\">build.gradle<\/code>&nbsp;file.<\/p>\n<pre class=\"gutter: false;brush:bash\">plugins {  \n  id 'org.springframework.boot' version '2.1.5.RELEASE'  \n  id 'java'  \n}  \n  \napply plugin: 'io.spring.dependency-management'  \n\ngroup = 'com.okta.springsecurityauth'  \nversion = '0.0.1-SNAPSHOT'  \nsourceCompatibility = '1.8'  \n  \nrepositories {  \n  mavenCentral()  \n}  \n  \ndependencies {  \n  implementation 'org.springframework.boot:spring-boot-starter-security'  \n  implementation 'org.springframework.boot:spring-boot-starter-web'  \n  testImplementation 'org.springframework.boot:spring-boot-starter-test'  \n  testImplementation 'org.springframework.security:spring-security-test'  \n}<\/pre>\n<p>This line sets the Spring Boot version: <\/p>\n<pre class=\"gutter: false;brush:bash\">id 'org.springframework.boot' version '2.1.5.RELEASE' <\/pre>\n<p>These are the two dependencies that include Spring Security and Spring MVC. <\/p>\n<pre class=\"gutter: false;brush:bash\">implementation 'org.springframework.boot:spring-boot-starter-security'  \nimplementation 'org.springframework.boot:spring-boot-starter-web' <\/pre>\n<p>The rest is pretty much boilerplate.<\/p>\n<p>Here is the main application file (<code style=\"font-size:13px\">src\/main\/java\/com\/okta\/springsecurityauth\/Application.java<\/code>).<\/p>\n<pre class=\"gutter: false;brush:java\">package com.okta.springsecurityauth;  \n  \nimport org.springframework.boot.SpringApplication;  \nimport org.springframework.boot.autoconfigure.SpringBootApplication;  \n  \n@SpringBootApplication  \npublic class Application {  \n  \n    public static void main(String[] args) {  \n        SpringApplication.run(Application.class, args);  \n    }\n}<\/pre>\n<p>This is the entry point for the Java application. The main thing to note is how little is there. The&nbsp;<code style=\"font-size:13px\">@SpringBootApplication<\/code>annotation tells Spring to bootstrap in all of the Spring Boot goodness.<\/p>\n<p>Next take a look at the WebController,&nbsp;<code style=\"font-size:13px\">src\/main\/java\/com\/okta\/springsecurityauth\/WebController.java<\/code>.<\/p>\n<pre class=\"gutter: false;brush:java\">package com.okta.springsecurityauth;  \n  \nimport org.springframework.stereotype.Controller;  \nimport org.springframework.web.bind.annotation.RequestMapping;  \nimport org.springframework.web.bind.annotation.ResponseBody;  \n  \n@Controller  \npublic class WebController {  \n\n    @RequestMapping(\"\/\")\n    @ResponseBody\n    public String index() {\n        return \"Welcome home!\";\n    }\n}<\/pre>\n<p>The web controller file has a little more action. This is where the only HTTP endpoint of the project is defined. This file defines a simple home controller that returns a text string.<\/p>\n<p>The&nbsp;<code style=\"font-size:13px\">@Controller<\/code>&nbsp;annotation tells Spring that the file is defining web controller endpoints. The&nbsp;<code style=\"font-size:13px\">@RequestMapping<\/code>&nbsp;annotation defines the mapping between the HTTP requests and the controller methods. And the&nbsp;<code style=\"font-size:13px\">@ResponseBody<\/code>&nbsp;annotation tells Spring that the method is going to return the request body directly as a String, as opposed to returning the name of a template file.<div style=\"display:inline-block; margin: 15px 0;\"> <div id=\"adngin-JavaCodeGeeks_incontent_video-0\" style=\"display:inline-block;\"><\/div> <\/div><\/p>\n<p>The last file is where all of the security is defined. Cleverly it\u2019s named&nbsp;<code style=\"font-size:13px\">SecurityConfiguration.java<\/code>.<\/p>\n<p>Take a look,&nbsp;<code style=\"font-size:13px\">src\/main\/java\/com\/okta\/springsecurityauth\/SecurityConfiguration.java<\/code><\/p>\n<pre class=\"gutter: false;brush:java\">package com.okta.springsecurityauth;  \n  \nimport org.springframework.context.annotation.Configuration;  \nimport org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  \nimport org.springframework.security.config.annotation.web.builders.HttpSecurity;  \nimport org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  \n  \n@Configuration  \npublic class SecurityConfiguration extends WebSecurityConfigurerAdapter {  \n      \n    @Override  \n    public void configure(HttpSecurity http) throws Exception {  \n        http  \n            .authorizeRequests()  \n            .anyRequest().authenticated()  \n            .and()  \n            .httpBasic();  \n    }  \n      \n    @Override  \n    protected void configure(AuthenticationManagerBuilder auth) throws Exception {  \n        auth.inMemoryAuthentication()  \n            .withUser(\"user\")  \n            .password(\"{noop}pass\") \/\/ Spring Security 5 requires specifying the password storage format  \n            .roles(\"USER\");  \n    }  \n      \n}<\/pre>\n<p>You can see how little configuration is required. In the first method, the fluent API is used with the&nbsp;<code style=\"font-size:13px\">HttpSecurity<\/code>&nbsp;object to configure Spring Security: security is activated, all requests are authenticated, and HTTP basic is used.<\/p>\n<p>The second method is really just a bit of a hack for this tutorial. It configures an in-memory authentication manager and creates a user with credentials&nbsp;<code style=\"font-size:13px\">user:pass<\/code>.<\/p>\n<p>Let\u2019s give it a try! From a terminal, go to the root directory of the project.<\/p>\n<p>Run the project using:&nbsp;<code style=\"font-size:13px\">.\/gradlew bootRun<\/code>.<\/p>\n<p>Navigate to&nbsp;<code style=\"font-size:13px\">http:\/\/localhost:8080<\/code>.<\/p>\n<p>You\u2019ll see the browser-generated login form. Enter the credentials&nbsp;<code style=\"font-size:13px\">user<\/code>&nbsp;and&nbsp;<code style=\"font-size:13px\">pass<\/code>. You\u2019ll see the wonderful success page that says, \u201cWelcome home!\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"step-up-to-form-based-authentication\">Step-up To Form-Based Authentication with Spring Security <\/h2>\n<p>HTTP Basic authentication is about as simple as it gets and really isn\u2019t all that useful in the real world. Form-based authentication is a lot more realistic. Open the&nbsp;<code style=\"font-size:13px\">\/form-auth<\/code>&nbsp;folder in your IDE.<\/p>\n<p>The&nbsp;<code style=\"font-size:13px\">build.gradle<\/code>&nbsp;file is the same. So are the&nbsp;<code style=\"font-size:13px\">Application.java<\/code>&nbsp;and the&nbsp;<code style=\"font-size:13px\">WebController.java<\/code>&nbsp;files. The only significant change is in the&nbsp;<code style=\"font-size:13px\">SecurityConfiguration.java<\/code>&nbsp;file (and in this file, only one line has changed).<\/p>\n<p><code style=\"font-size:13px\">src\/main\/java\/com\/okta\/springsecurityauth\/SecurityConfiguration.java<\/code>:<\/p>\n<pre class=\"gutter: false;brush:java\">\npackage com.okta.springsecurityauth;  \n  \n... \n  \n@Configuration  \npublic class SecurityConfiguration extends WebSecurityConfigurerAdapter {  \n      \n    @Override  \n    public void configure(HttpSecurity http) throws Exception {  \n        http  \n            .authorizeRequests()  \n            .anyRequest().authenticated()  \n            .and()  \n            .formLogin();  \/\/ <-- this was changed\n    }  \n\n    ...\n}<\/pre>\n<p>See how ridiculously simple Spring is making things for us. All you had to do was change the&nbsp;<code style=\"font-size:13px\">httpBasic()<\/code>&nbsp;fluent method to&nbsp;<code style=\"font-size:13px\">formLogin()<\/code>&nbsp;and Spring Boot automatically generates a login form for you.<\/p>\n<p>Run it using&nbsp;<code style=\"font-size:13px\">.\/gradlew bootRun<\/code>.<\/p>\n<p>You\u2019ll see the auto-generated Spring Boot login form.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" width=\"462\" height=\"375\" style=\"border:none\" src=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/07\/signIn.png\" alt=\"\" class=\"wp-image-94450\" srcset=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/07\/signIn.png 462w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/07\/signIn-300x244.png 300w\" sizes=\"(max-width: 462px) 100vw, 462px\" \/><\/figure>\n<\/div>\n<p>But what if you want to style your own custom form instead of using the Spring-generated one? It\u2019s not much more work.<\/p>\n<p>First, add the Thymeleaf dependency to your&nbsp;<code style=\"font-size:13px\">build.gradle<\/code>&nbsp;file:<\/p>\n<pre class=\"gutter: false;brush:java\">dependencies {  \n  ...\n  implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'  \n  ...\n}<\/pre>\n<p>Update the&nbsp;<code style=\"font-size:13px\">WebController.java<\/code>&nbsp;file with two new controller methods: <\/p>\n<pre class=\"gutter: false;brush:java\">package com.okta.springsecurityauth;  \n  \nimport org.springframework.stereotype.Controller;  \nimport org.springframework.ui.Model;  \nimport org.springframework.web.bind.annotation.RequestMapping;  \nimport org.springframework.web.bind.annotation.ResponseBody;  \n  \n@Controller  \npublic class WebController {  \n      \n    @RequestMapping(\"\/\")  \n    @ResponseBody  \n    public String index() {  \n        return \"You made it!\";  \n    }  \n  \n    @RequestMapping(\"\/login.html\")  \n    public String login() {  \n        return \"login.html\";  \n    }  \n  \n    @RequestMapping(\"\/login-error.html\")  \n    public String loginError(Model model) {  \n        model.addAttribute(\"loginError\", true);  \n        return \"login.html\";  \n    }  \n      \n}<\/pre>\n<p>Notice that the&nbsp;<code style=\"font-size:13px\">\/login-error.html<\/code>&nbsp;path uses the same template as the&nbsp;<code style=\"font-size:13px\">\/login.html<\/code>&nbsp;path, but adds a&nbsp;<code style=\"font-size:13px\">loginError<\/code>attribute to the&nbsp;<code style=\"font-size:13px\">Model<\/code>. This is simply a way of handling errors.<\/p>\n<p>Also, notice that the new controller methods do not have the&nbsp;<code style=\"font-size:13px\">@ResponseBody<\/code>&nbsp;annotation. This, combined with the new Thymeleaf dependency, means that these methods are returning the name of the template to be rendered (as opposed to the raw response). The templates are assumed by default to be in the&nbsp;<code style=\"font-size:13px\">src\/main\/resources\/templates<\/code>&nbsp;folder.<\/p>\n<p>Add a new file:&nbsp;<code style=\"font-size:13px\">src\/main\/resources\/templates\/login.html<\/code>:<\/p>\n<pre class=\"gutter: false;brush:html\">&lt;!DOCTYPE html&gt;  \n&lt;html xmlns:th=\"http:\/\/www.thymeleaf.org\"&gt;  \n&lt;head&gt;  \n    &lt;title&gt;Login page&lt;\/title&gt;  \n    &lt;style&gt;  \n        #container {  \n            padding-top:50px;  \n            width:400px;  \n            margin: 0 auto;  \n            font-size:1.5rem;  \n        }  \n        input {  \n            width: 100%;  \n            display:block;  \n            padding: 5px;  \n            font-size: 1.1rem;  \n            box-sizing: border-box;  \n        }  \n        label {  \n            margin-top:10px;  \n            display:block;  \n        }  \n        #submit, #submit:focus {  \n            margin-top: 20px;  \n            border-radius: 8px;  \n            padding: 10px;  \n            color: white;  \n            background-color: #2084ba;  \n            border: none;  \n        }  \n        .error {  \n            color: white;  \n            background-color: indianred;  \n            opacity: 0.7;  \n            padding: 10px;  \n            width: 100%;  \n            text-align: center;  \n            box-sizing: border-box;  \n            border-radius: 8px;  \n        }  \n    &lt;\/style&gt;  \n&lt;\/head&gt;  \n&lt;body&gt;  \n&lt;div id=\"container\"&gt;  \n    &lt;h2&gt;Login page&lt;\/h2&gt;  \n    &lt;form th:action=\"@{\/login.html}\" method=\"post\"&gt;  \n        &lt;label for=\"username\"&gt;User&lt;\/label&gt;  \n        &lt;input type=\"text\" id=\"username\" name=\"username\" autofocus=\"autofocus\" \/&gt;  \n        &lt;label for=\"password\"&gt;Pass&lt;\/label&gt;  \n        &lt;input type=\"password\" id=\"password\" name=\"password\" \/&gt;  \n        &lt;input id=\"submit\" type=\"submit\" value=\"Log in\" \/&gt;  \n    &lt;\/form&gt;  \n    &lt;p th:if=\"${loginError}\" class=\"error\"&gt;There was a problem logging you in&lt;\/p&gt;  \n&lt;\/div&gt;  \n&lt;\/body&gt;  \n&lt;\/html&gt;<\/pre>\n<p>This is the Thymeleaf template file used for the login page. Thymeleaf is the standard templating system used with Spring Boot. It\u2019s a fully-featured templating system with tons of features. Check out&nbsp;<a href=\"https:\/\/www.thymeleaf.org\/\">the project website<\/a>&nbsp;for more info.<\/p>\n<p>The last change you need to make is to update the&nbsp;<code style=\"font-size:13px\">configure(HttpSecurity http)<\/code>&nbsp;method in the<code style=\"font-size:13px\">SecurityController.java<\/code>&nbsp;file:<\/p>\n<pre class=\"gutter: false;brush:java\">package com.okta.springsecurityauth;  \n\n...  \n \n@Configuration  \npublic class SecurityConfiguration extends WebSecurityConfigurerAdapter {  \n      \n    @Override  \n    public void configure(HttpSecurity http) throws Exception {  \n        http  \n            .authorizeRequests()  \n            .anyRequest().authenticated()  \n            .and()  \n            .formLogin()  \n            .loginPage(\"\/login.html\")  \n            .failureUrl(\"\/login-error.html\")  \n            .permitAll();  \n    }  \n\n...  \n}<\/pre>\n<p>These three lines were added: <\/p>\n<pre class=\"gutter: false;brush:bash\">.loginPage(\"\/login.html\")  \n.failureUrl(\"\/login-error.html\")  \n.permitAll();  <\/pre>\n<p>They define the custom login endpoint, the login error endpoint, and instruct Spring Security to permit all requests to those endpoints.<\/p>\n<p>Run the app again using&nbsp;<code style=\"font-size:13px\">.\/gradlew bootRun<\/code>.<\/p>\n<p>This time you\u2019ll see the custom login form.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" width=\"600\" height=\"493\" style=\"border:none\" src=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/07\/loginPage.png\" alt=\"\" class=\"wp-image-94452\" srcset=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/07\/loginPage.png 600w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/07\/loginPage-300x247.png 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n<\/div>\n<h2 class=\"wp-block-heading\" id=\"its-almost-saml-time\">It\u2019s (almost) SAML Time!<\/h2>\n<p>The Spring Security SAML extension is currently in flux. There are some unofficial 2.x releases that work, but they\u2019re not officially supported.<\/p>\n<p>From&nbsp;<a href=\"https:\/\/github.com\/spring-projects\/spring-security-saml\/tree\/develop\">the Spring Security SAML GitHub page<\/a>:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p> This project is being rewritten. There is a base implementation in the&nbsp;<a href=\"https:\/\/github.com\/spring-projects\/spring-security-saml\/tree\/develop\">develop<\/a>&nbsp;including milestone releases in the<a href=\"https:\/\/repo.spring.io\/milestone\/org\/springframework\/security\/extensions\/spring-security-saml2-core\/\">milestone<\/a>&nbsp;repository.<br \/>In the&nbsp;<a href=\"https:\/\/github.com\/spring-projects\/spring-security-saml\/tree\/develop\">develop-3.0<\/a>&nbsp;branch we are creating a solution that builds on top of the milestones and is better aligned with Spring Security. The intent with this branch is to merge it with the&nbsp;<a href=\"https:\/\/github.com\/spring-projects\/spring-security\">Spring Security<\/a>&nbsp;project and release as part of Spring Security core.<br \/>For that reason, we will not be publishing any official releases of the 2.0.0 milestones, but will maintain it until all feature functionality that exists in the milestones are part of Spring Security. <\/p>\n<\/blockquote>\n<p>If you want to venture into the current state of Spring Boot SAML, the&nbsp;<a href=\"https:\/\/docs.spring.io\/spring-security-saml\/docs\/1.0.x-SNAPSHOT\/reference\/htmlsingle\/\">Spring SAML Extension Docs<\/a>&nbsp;are a good place to start.<\/p>\n<p>Matt Raible at Okta also has&nbsp;<a href=\"https:\/\/developer.okta.com\/blog\/2017\/03\/16\/spring-boot-saml\/?utm_campaign=text_website_all_multiple_dev_dev_spring-security-authentication_null&amp;utm_source=jcg&amp;utm_medium=cpc\">a great tutorial<\/a>&nbsp;for implementing SAML with Spring Boot 1.x.<\/p>\n<p>Vincenzo De Notari has&nbsp;<a href=\"https:\/\/github.com\/vdenotaris\/spring-boot-security-saml-sample\">an example Service Provider implementation<\/a>&nbsp;using SAML 2.0 and Spring Boot 2.1.3.<\/p>\n<p><strong>NOTE:<\/strong>&nbsp;If you want to test out SAML with Okta, you\u2019ll need to request a trial of&nbsp;<a href=\"https:\/\/www.okta.com\/integrate\/signup\/?utm_campaign=text_website_all_multiple_dev_dev_spring-security-authentication_null&amp;utm_source=jcg&amp;utm_medium=cpc\">Okta\u2019s Enterprise Edition<\/a>.<\/p>\n<h2 class=\"wp-block-heading\" id=\"add-oAuth-2.0-openID\">Add OAuth 2.0 + OpenID Connect Authentication<\/h2>\n<p>Once you\u2019re in the&nbsp;<a href=\"https:\/\/developer.okta.com\/?utm_campaign=text_website_all_multiple_dev_dev_spring-security-authentication_null&amp;utm_source=jcg&amp;utm_medium=cpc\">developer.okta.com<\/a>&nbsp;dashboard, create an OIDC Application:<\/p>\n<ul class=\"wp-block-list\">\n<li>From top-menu, click on&nbsp;<strong>Applications<\/strong><\/li>\n<\/ul>\n<figure class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" width=\"1024\" height=\"685\" style=\"border:none\" src=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/07\/applications-1024x685.png\" alt=\"Authentication with Spring Security\" class=\"wp-image-94453\" srcset=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/07\/applications-1024x685.png 1024w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/07\/applications-300x201.png 300w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/07\/applications-768x514.png 768w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/07\/applications.png 1025w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<ul class=\"wp-block-list\">\n<li>Click green&nbsp;<strong>Add Applications<\/strong>&nbsp;button<\/li>\n<li>Click&nbsp;<strong>Web<\/strong>&nbsp;application type, and&nbsp;<strong>Next<\/strong><\/li>\n<li>Give the app a&nbsp;<strong>Name<\/strong>. Any name.<\/li>\n<li>Set&nbsp;<strong>Login Redirect URIs<\/strong>&nbsp;to&nbsp;<code style=\"font-size:13px\">http:\/\/localhost:8080\/login\/oauth2\/code\/okta<\/code><\/li>\n<li>Click&nbsp;<strong>Done<\/strong>.<\/li>\n<\/ul>\n<p>Take note of the&nbsp;<strong>Client ID<\/strong>&nbsp;and&nbsp;<strong>Client Secret<\/strong>&nbsp;at the bottom of the page. You\u2019ll need these in a bit.<\/p>\n<p>Great! That\u2019s all you have to do to configure Okta as an OIDC provider.<\/p>\n<p>Open the&nbsp;<code style=\"font-size:13px\">oauth-okta<\/code>&nbsp;directory from the example repository.<\/p>\n<p>Before you do anything else, you need to update the&nbsp;<code style=\"font-size:13px\">src\/main\/resources\/application.yml<\/code>&nbsp;file. You need to fill in three values:<\/p>\n<ol class=\"wp-block-list\">\n<li>Okta URL, something like&nbsp;<code style=\"font-size:13px\">https:\/\/dev-123456.okta.com\/oauth2\/default<\/code><\/li>\n<li>Client ID (from the OIDC app you just created)<\/li>\n<li>Client Secret (also from the OIDC app you just created)<\/li>\n<\/ol>\n<pre class=\"gutter: false;brush:bash\">okta:  \n  oauth2:  \n    issuer: https:\/\/{yourOktaDomain}\/oauth2\/default  \n    client-id: {yourClientID}\n    client-secret: {yourClientSecret} \nspring:  \n  thymeleaf:  \n    cache: false<\/pre>\n<p>Next, take a look at the dependencies section of the&nbsp;<code style=\"font-size:13px\">build.gradle<\/code>&nbsp;file. <\/p>\n<pre class=\"gutter: false;brush:java\">dependencies {  \n  implementation 'com.okta.spring:okta-spring-boot-starter:1.2.0'  \n  implementation 'org.springframework.boot:spring-boot-starter-web'  \n   \n  ...\n}<\/pre>\n<p>You\u2019ll notice one new dependency as well as no longer needing&nbsp;<code style=\"font-size:13px\">spring-boot-starter-security<\/code>: <\/p>\n<ul class=\"wp-block-list\">\n<li><code style=\"font-size:13px\">okta-spring-boot-starter<\/code><\/li>\n<\/ul>\n<p>The Okta Spring Boot Starter is an extension by Okta that simplifies some of the dependency management and configuration associated with OAuth and Spring Security. You can check out&nbsp;<a href=\"https:\/\/github.com\/okta\/okta-spring-boot\">the project GitHub page<\/a>&nbsp;for more info.<\/p>\n<p>The rest of the project, honestly, is beguilingly simple. The&nbsp;<code style=\"font-size:13px\">Application.java<\/code>&nbsp;file is the same.<\/p>\n<p>The&nbsp;<code style=\"font-size:13px\">WebController.java<\/code>&nbsp;file has a few new methods added. This could actually have been the same as the first couple of examples, simply returning a string, but I thought it would be nice to demonstrate how to access some of the authenticated user information.<\/p>\n<pre class=\"gutter: false;brush:java\">package com.okta.springsecurityauth;  \n  \n...  \n  \n@Controller\npublic class WebController {\n\n    @RequestMapping(\"\/\")\n    @ResponseBody\n    public String home(@AuthenticationPrincipal OidcUser oidcUser) {\n        return \"Welcome, \" + oidcUser.getFullName();\n    }\n\n    @RequestMapping(\"\/attributes\")\n    @ResponseBody\n    public String attributes(@AuthenticationPrincipal OidcUser oidcUser) {\n        return oidcUser.getAttributes().toString();\n    }\n\n    @RequestMapping(\"\/authorities\")\n    @ResponseBody\n    public String authorities(@AuthenticationPrincipal OidcUser oidcUser) {\n        return oidcUser.getAuthorities().toString();\n    }\n    \n}<\/pre>\n<p>The&nbsp;<code style=\"font-size:13px\">\/<\/code>&nbsp;home endpoint returns a welcome message and the full name of the OIDC user.<\/p>\n<p>The&nbsp;<code style=\"font-size:13px\">\/attributes<\/code>&nbsp;endpoint returns the user attributes that the app received from Okta.<\/p>\n<p>The&nbsp;<code style=\"font-size:13px\">\/authorities<\/code>&nbsp;endpoint returns the user authorities (roles and scopes). These have to do with authorization, defining what actions the user is permitted to execute or what resources the user can access and modify.<\/p>\n<p>You\u2019ll notice that there is no&nbsp;<code style=\"font-size:13px\">SecurityConfiguration.java<\/code>&nbsp;file. In this simple example, it\u2019s unnecessary because OAuth is the default authentication scheme and by default, all paths require authentication (which is what we want).<\/p>\n<p>Great! Now give it a try. Run the app in the&nbsp;<code style=\"font-size:13px\">oauth-okta<\/code>&nbsp;directory using&nbsp;<code style=\"font-size:13px\">.\/gradlew bootRun<\/code>.<\/p>\n<p>Navigate to&nbsp;<code style=\"font-size:13px\">http:\/\/localhost:8080\/<\/code>.<\/p>\n<p>You may need to use an incognito window or log out of the Okta developer dashboard if you want to see Okta\u2019s hosted login screen.<\/p>\n<figure class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" width=\"551\" height=\"661\" style=\"border:none\" src=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/07\/oktaLogin.png\" alt=\"Authentication with Spring Security\" class=\"wp-image-94456\" srcset=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/07\/oktaLogin.png 551w, https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2019\/07\/oktaLogin-250x300.png 250w\" sizes=\"(max-width: 551px) 100vw, 551px\" \/><\/figure>\n<p>Log in with your Okta login, and you\u2019ll be taken to a screen that says something like: <\/p>\n<pre class=\"gutter: false;brush:bash\">Welcome, Andrew Hughes<\/pre>\n<p>You can also try out the&nbsp;<code style=\"font-size:13px\">http:\/\/localhost:8080\/attributes<\/code>&nbsp;endpoint and the&nbsp;<code style=\"font-size:13px\">http:\/\/localhost:8080\/authorities<\/code>endpoint.<\/p>\n<h2 class=\"wp-block-heading\" id=\"finish-up-your-spring-boot-spring-security-app-with-authentication\">Finish Up Your Spring Boot + Spring Security App with Authentication<\/h2>\n<p>In this tutorial, you went through a selection of Spring Boot and Spring Security authentication methods. You started with HTTP basic; moved on to form-based auth with the auto-generated form; and then customized the app to use a Thymeleaf template for the login form. Next, you implemented an OAuth\/OIDC single sign-on app using Okta and Spring Boot.<\/p>\n<p>You can find the source code for all the examples in this tutorial&nbsp;<a href=\"https:\/\/github.com\/oktadeveloper\/okta-spring-security-authentication-example\">on GitHub<\/a>.<\/p>\n<p>If you\u2019d like to learn more about Spring Boot, Spring Security, or secure authentication, check out any of these great tutorials:<\/p>\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/developer.okta.com\/blog\/2017\/03\/21\/spring-boot-oauth?utm_campaign=text_website_all_multiple_dev_dev_spring-security-authentication_null&amp;utm_source=jcg&amp;utm_medium=cpc\">Get Started with Spring Boot, OAuth 2.0, and Okta<\/a><\/li>\n<li><a href=\"https:\/\/developer.okta.com\/blog\/2017\/11\/20\/add-sso-spring-boot-15-min?utm_campaign=text_website_all_multiple_dev_dev_spring-security-authentication_null&amp;utm_source=jcg&amp;utm_medium=cpc\">Add Single Sign-On to Your Spring Boot Web App in 15 Minutes<\/a><\/li>\n<li><a href=\"https:\/\/developer.okta.com\/blog\/2018\/06\/12\/mfa-in-spring-boot?utm_campaign=text_website_all_multiple_dev_dev_spring-security-authentication_null&amp;utm_source=jcg&amp;utm_medium=cpc\">Secure Your Spring Boot Application with Multi-Factor Authentication<\/a><\/li>\n<li><a href=\"https:\/\/developer.okta.com\/blog\/2018\/08\/16\/secure-api-spring-boot-graphql?utm_campaign=text_website_all_multiple_dev_dev_spring-security-authentication_null&amp;utm_source=jcg&amp;utm_medium=cpc\">Build a Secure API with Spring Boot and GraphQL<\/a><\/li>\n<\/ul>\n<p>If you want to dive deeper, take a look at the&nbsp;<a href=\"https:\/\/github.com\/okta\/okta-spring-boot\">Okta Spring Boot Starter GitHub page<\/a>.<\/p>\n<p>If you have any questions about this post, please add a comment below. For more awesome content, follow&nbsp;<a href=\"https:\/\/twitter.com\/oktadev\">@oktadev<\/a>&nbsp;on Twitter, like us&nbsp;<a href=\"https:\/\/www.facebook.com\/oktadevelopers\/\">on Facebook<\/a>, or subscribe to&nbsp;<a href=\"https:\/\/www.youtube.com\/c\/oktadev\">our YouTube channel<\/a>.<\/p>\n<p><a href=\"https:\/\/developer.okta.com\/signup\/?utm_campaign=text_website_all_multiple_dev_dev_spring-security-authentication_null&amp;utm_source=jcg&amp;utm_medium=cpc\" target=\"_blank\" rel=\"noreferrer noopener\">\"Simple Authentication with Spring Security\"<\/a>&nbsp;was originally published on the Okta Developer blog on May 31, 2019.\n<\/p>\n<p><span style=\"font-size: 20px;\"><strong>Friends don\u2019t let friends write user auth. Tired of managing your own users?<\/strong><a href=\"https:\/\/developer.okta.com\/signup\/?utm_campaign=text_website_all_multiple_dev_dev_spring-security-authentication_null&#038;utm_source=jcg&#038;utm_medium=cpc\" target=\"_blank\" rel=\"noreferrer noopener\"> Try Okta\u2019s API and Java SDKs today. Authenticate, manage, and secure users in any application within minutes.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Friends don\u2019t let friends write user auth. Tired of managing your own users? Try Okta\u2019s API and Java SDKs today. Authenticate, manage, and secure users in any application within minutes. Authentication is vital to all but the most basic web applications. Who is making the request, wanting data, or wanting to update or delete data? &hellip;<\/p>\n","protected":false},"author":49514,"featured_media":240,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[30,854,125],"class_list":["post-94444","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-enterprise-java","tag-spring","tag-spring-boot","tag-spring-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Simple Authentication with Spring Security - Java Code Geeks<\/title>\n<meta name=\"description\" content=\"Interested to learn about Spring Security? Check our article presenting a Simple Authentication with Spring Security.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/developer.okta.com\/blog\/2019\/05\/23\/java-microservices-spring-cloud-config\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Simple Authentication with Spring Security - Java Code Geeks\" \/>\n<meta property=\"og:description\" content=\"Interested to learn about Spring Security? Check our article presenting a Simple Authentication with Spring Security.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/developer.okta.com\/blog\/2019\/05\/23\/java-microservices-spring-cloud-config\" \/>\n<meta property=\"og:site_name\" content=\"Java Code Geeks\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/javacodegeeks\" \/>\n<meta property=\"article:published_time\" content=\"2019-07-22T10:00:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-07-29T06:08:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"150\" \/>\n\t<meta property=\"og:image:height\" content=\"150\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Andrew Hughes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@javacodegeeks\" \/>\n<meta name=\"twitter:site\" content=\"@javacodegeeks\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Andrew Hughes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2019\\\/05\\\/23\\\/java-microservices-spring-cloud-config#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/07\\\/simple-authentication-spring-security.html\"},\"author\":{\"name\":\"Andrew Hughes\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/person\\\/0ded99ab51010abb68790f6189ce99d3\"},\"headline\":\"Simple Authentication with Spring Security\",\"datePublished\":\"2019-07-22T10:00:06+00:00\",\"dateModified\":\"2019-07-29T06:08:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/07\\\/simple-authentication-spring-security.html\"},\"wordCount\":2299,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2019\\\/05\\\/23\\\/java-microservices-spring-cloud-config#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/spring-logo.jpg\",\"keywords\":[\"Spring\",\"Spring Boot\",\"Spring Security\"],\"articleSection\":[\"Enterprise Java\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2019\\\/05\\\/23\\\/java-microservices-spring-cloud-config#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2019\\\/07\\\/simple-authentication-spring-security.html\",\"url\":\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2019\\\/05\\\/23\\\/java-microservices-spring-cloud-config\",\"name\":\"Simple Authentication with Spring Security - Java Code Geeks\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2019\\\/05\\\/23\\\/java-microservices-spring-cloud-config#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2019\\\/05\\\/23\\\/java-microservices-spring-cloud-config#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/spring-logo.jpg\",\"datePublished\":\"2019-07-22T10:00:06+00:00\",\"dateModified\":\"2019-07-29T06:08:02+00:00\",\"description\":\"Interested to learn about Spring Security? Check our article presenting a Simple Authentication with Spring Security.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2019\\\/05\\\/23\\\/java-microservices-spring-cloud-config#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2019\\\/05\\\/23\\\/java-microservices-spring-cloud-config\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2019\\\/05\\\/23\\\/java-microservices-spring-cloud-config#primaryimage\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/spring-logo.jpg\",\"contentUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/spring-logo.jpg\",\"width\":150,\"height\":150,\"caption\":\"spring-interview-questions-answers\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/developer.okta.com\\\/blog\\\/2019\\\/05\\\/23\\\/java-microservices-spring-cloud-config#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Java\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/category\\\/java\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Enterprise Java\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/category\\\/java\\\/enterprise-java\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Simple Authentication with Spring Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#website\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\",\"name\":\"Java Code Geeks\",\"description\":\"Java Developers Resource Center\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\"},\"alternateName\":\"JCG\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.javacodegeeks.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\",\"name\":\"Exelixis Media P.C.\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/exelixis-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/exelixis-logo.png\",\"width\":864,\"height\":246,\"caption\":\"Exelixis Media P.C.\"},\"image\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/javacodegeeks\",\"https:\\\/\\\/x.com\\\/javacodegeeks\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/person\\\/0ded99ab51010abb68790f6189ce99d3\",\"name\":\"Andrew Hughes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/703689ecb161268c8a6ca8ad4057b8342d22972ec435111a055712b399716dbd?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/703689ecb161268c8a6ca8ad4057b8342d22972ec435111a055712b399716dbd?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/703689ecb161268c8a6ca8ad4057b8342d22972ec435111a055712b399716dbd?s=96&d=mm&r=g\",\"caption\":\"Andrew Hughes\"},\"sameAs\":[\"https:\\\/\\\/developer.okta.com\\\/blog\"],\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/author\\\/andrew-hughes\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Simple Authentication with Spring Security - Java Code Geeks","description":"Interested to learn about Spring Security? Check our article presenting a Simple Authentication with Spring Security.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/developer.okta.com\/blog\/2019\/05\/23\/java-microservices-spring-cloud-config","og_locale":"en_US","og_type":"article","og_title":"Simple Authentication with Spring Security - Java Code Geeks","og_description":"Interested to learn about Spring Security? Check our article presenting a Simple Authentication with Spring Security.","og_url":"https:\/\/developer.okta.com\/blog\/2019\/05\/23\/java-microservices-spring-cloud-config","og_site_name":"Java Code Geeks","article_publisher":"https:\/\/www.facebook.com\/javacodegeeks","article_published_time":"2019-07-22T10:00:06+00:00","article_modified_time":"2019-07-29T06:08:02+00:00","og_image":[{"width":150,"height":150,"url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","type":"image\/jpeg"}],"author":"Andrew Hughes","twitter_card":"summary_large_image","twitter_creator":"@javacodegeeks","twitter_site":"@javacodegeeks","twitter_misc":{"Written by":"Andrew Hughes","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/developer.okta.com\/blog\/2019\/05\/23\/java-microservices-spring-cloud-config#article","isPartOf":{"@id":"https:\/\/www.javacodegeeks.com\/2019\/07\/simple-authentication-spring-security.html"},"author":{"name":"Andrew Hughes","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/person\/0ded99ab51010abb68790f6189ce99d3"},"headline":"Simple Authentication with Spring Security","datePublished":"2019-07-22T10:00:06+00:00","dateModified":"2019-07-29T06:08:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.javacodegeeks.com\/2019\/07\/simple-authentication-spring-security.html"},"wordCount":2299,"commentCount":1,"publisher":{"@id":"https:\/\/www.javacodegeeks.com\/#organization"},"image":{"@id":"https:\/\/developer.okta.com\/blog\/2019\/05\/23\/java-microservices-spring-cloud-config#primaryimage"},"thumbnailUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","keywords":["Spring","Spring Boot","Spring Security"],"articleSection":["Enterprise Java"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/developer.okta.com\/blog\/2019\/05\/23\/java-microservices-spring-cloud-config#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.javacodegeeks.com\/2019\/07\/simple-authentication-spring-security.html","url":"https:\/\/developer.okta.com\/blog\/2019\/05\/23\/java-microservices-spring-cloud-config","name":"Simple Authentication with Spring Security - Java Code Geeks","isPartOf":{"@id":"https:\/\/www.javacodegeeks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/developer.okta.com\/blog\/2019\/05\/23\/java-microservices-spring-cloud-config#primaryimage"},"image":{"@id":"https:\/\/developer.okta.com\/blog\/2019\/05\/23\/java-microservices-spring-cloud-config#primaryimage"},"thumbnailUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","datePublished":"2019-07-22T10:00:06+00:00","dateModified":"2019-07-29T06:08:02+00:00","description":"Interested to learn about Spring Security? Check our article presenting a Simple Authentication with Spring Security.","breadcrumb":{"@id":"https:\/\/developer.okta.com\/blog\/2019\/05\/23\/java-microservices-spring-cloud-config#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/developer.okta.com\/blog\/2019\/05\/23\/java-microservices-spring-cloud-config"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/developer.okta.com\/blog\/2019\/05\/23\/java-microservices-spring-cloud-config#primaryimage","url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","contentUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","width":150,"height":150,"caption":"spring-interview-questions-answers"},{"@type":"BreadcrumbList","@id":"https:\/\/developer.okta.com\/blog\/2019\/05\/23\/java-microservices-spring-cloud-config#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.javacodegeeks.com\/"},{"@type":"ListItem","position":2,"name":"Java","item":"https:\/\/www.javacodegeeks.com\/category\/java"},{"@type":"ListItem","position":3,"name":"Enterprise Java","item":"https:\/\/www.javacodegeeks.com\/category\/java\/enterprise-java"},{"@type":"ListItem","position":4,"name":"Simple Authentication with Spring Security"}]},{"@type":"WebSite","@id":"https:\/\/www.javacodegeeks.com\/#website","url":"https:\/\/www.javacodegeeks.com\/","name":"Java Code Geeks","description":"Java Developers Resource Center","publisher":{"@id":"https:\/\/www.javacodegeeks.com\/#organization"},"alternateName":"JCG","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.javacodegeeks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.javacodegeeks.com\/#organization","name":"Exelixis Media P.C.","url":"https:\/\/www.javacodegeeks.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/06\/exelixis-logo.png","contentUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/06\/exelixis-logo.png","width":864,"height":246,"caption":"Exelixis Media P.C."},"image":{"@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/javacodegeeks","https:\/\/x.com\/javacodegeeks"]},{"@type":"Person","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/person\/0ded99ab51010abb68790f6189ce99d3","name":"Andrew Hughes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/703689ecb161268c8a6ca8ad4057b8342d22972ec435111a055712b399716dbd?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/703689ecb161268c8a6ca8ad4057b8342d22972ec435111a055712b399716dbd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/703689ecb161268c8a6ca8ad4057b8342d22972ec435111a055712b399716dbd?s=96&d=mm&r=g","caption":"Andrew Hughes"},"sameAs":["https:\/\/developer.okta.com\/blog"],"url":"https:\/\/www.javacodegeeks.com\/author\/andrew-hughes"}]}},"_links":{"self":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts\/94444","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/users\/49514"}],"replies":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/comments?post=94444"}],"version-history":[{"count":0,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts\/94444\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/media\/240"}],"wp:attachment":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/media?parent=94444"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/categories?post=94444"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/tags?post=94444"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}