The following was discovered as part of building this project:
This is an example of Spring Boot Security using in-memory configuration for
- authentication
- authorization
There are two users as follows:
- "user" with a password of "user"
- "admin" with a password of "admin"
The password for "user" is hashed using bcrypt-generator.com and hard-coded into WebSecurityConfiguration.kt. The password for "admin" is hashed at runtime using BCryptPasswordEncoder().
Access to pages is as follows:
- "user" has access to /user
- "admin" has access to /admin
- /all is accessible to authenticated users - "user" and "admin"
- / is accessible without authentication
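
A sketch of a configuration that would produce the users and access rules listed above. It is an added example, not the project's actual WebSecurityConfiguration.kt. It assumes Spring Security 6; the package, class name, role names USER and ADMIN, the catch-all rule and the hash placeholder are assumptions.

```kotlin
package com.example.demo // assumed package name

import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.Customizer
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
import org.springframework.security.crypto.password.PasswordEncoder
import org.springframework.security.provisioning.InMemoryUserDetailsManager
import org.springframework.security.web.SecurityFilterChain

// Placeholder (assumption): replace with the bcrypt hash generated offline for "user".
private const val USER_PASSWORD_HASH = "<bcrypt-hash-of-user-password>"

@Configuration
@EnableWebSecurity
class ExampleSecurityConfiguration {

    @Bean
    fun passwordEncoder(): PasswordEncoder = BCryptPasswordEncoder()

    @Bean
    fun users(encoder: PasswordEncoder): UserDetailsService = InMemoryUserDetailsManager(
        // Precomputed hash: only the bcrypt output is stored in the source.
        User.withUsername("user").password(USER_PASSWORD_HASH).roles("USER").build(),
        // Hashed at startup: the plaintext sits in the source, tolerable only in a demo.
        User.withUsername("admin").password(encoder.encode("admin")).roles("ADMIN").build(),
    )

    @Bean
    fun filterChain(http: HttpSecurity): SecurityFilterChain {
        http
            .authorizeHttpRequests { auth ->
                auth
                    .requestMatchers("/").permitAll()            // no authentication
                    .requestMatchers("/user").hasRole("USER")    // "user" only
                    .requestMatchers("/admin").hasRole("ADMIN")  // "admin" only
                    .requestMatchers("/all").authenticated()     // either account
                    .anyRequest().authenticated()                // assumption: unlisted paths need a login
            }
            .formLogin(Customizer.withDefaults()) // default /login form
            .logout(Customizer.withDefaults())    // default /logout endpoint
        return http.build()
    }
}
```

With rules like these, a request to /admin while logged in as "user" is rejected with 403 rather than redirected to the login form, which is a quick way to confirm that authorization, and not only authentication, is enforced.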
To try it out:
- access http://localhost:8080/user and log in as "user"/"user"
- log out at http://localhost:8080/logout
- access http://localhost:8080/admin and log in as "admin"/"admin"
- access http://localhost:8080/all as either "user" or "admin"
For further reference, please consider the following sections:
- Official Gradle documentation
- Spring Boot Gradle Plugin Reference Guide
- Create an OCI image
- Spring Web
- Spring Security
- Spring Data JPA
The following guides illustrate how to use some features concretely:
- Building a RESTful Web Service
- Serving Web Content with Spring MVC
- Building REST services with Spring
- Securing a Web Application
- Spring Boot and OAuth2
- Authenticating a User with LDAP
- Accessing Data with JPA
- Accessing data with MySQL
These additional references should also help you: