Spring boot + Spring security default authentication

You can secure your web applications using spring security. By using spring security with spring boot , you can minimize lot of configurations to be done for securing these applications.

Spring boot will automatically bootstrap your spring security jar (spring-boot-starter-security) added in your maven dependency and enable default security for your applications.

It will intercept all requests coming to application and asks user for authentication using spring security method used in our configuration. We can add security in different ways like inMemory, database, LDAP, OAUTH etc.

In this post, i will show a default security provided by spring boot security.

GitHub Link:

Tools :

  1. Tomcat Embed 8
  2. Maven 3.3
  3. Java 8
  4. IntelliJ IDEA
  5. Spring boot 2.1.1.RELEASE
  6. Spring Security 5.1.2.RELEASE

Step 1: Create a simple spring boot application in Intellij IDEA editor

Create new project using Spring Initializr as shown below –

Project Structure:

Step 2: Define all required dependencies for application

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

<description>Demo project for Spring Boot with spring security</description>

    <relativePath /> <!-- lookup parent from repository -->




    <!-- JSTL for JSP -->

    <!-- For JSP compilation -->
    <!-- https://mvnrepository.com/artifact/org.threeten/threetenbp -->


Step 3: Create a HomeController.java

package com.myjavablog.controller;

import org.springframework.boot.web.servlet.error.ErrorController;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

public class HomeController implements ErrorController {

public String homePage(){
return "Successfully logged in…";

final String PATH = "/error";
@RequestMapping(value = PATH)
public String error() {
return "Error handling";

public String getErrorPath() {
return PATH;

This is a controller class which has mapping for all the URLs .

Step 4: Create application.properties file to define application peroperties


Step 5: SpringbootDefaultSecurityDemoApplication.java

This file will be automatically created by editor when you create the project. You have to run this file in order to bootstrap your spring boot application –

package com.myjavablog;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

public class SpringbootDefaultSecurityDemoApplication {
<pre><code>public static void main(String[] args) {

    SpringApplication.run(SpringbootDefaultSecurityDemoApplication.class, args);

When you run the above class , application will be compiled and hosted on to embedded tomcat web server.

Step 6: Access the application

Now as the application is up and running , you can access the application from browser. You can make sure application is up and running from logs printed onto a console. If some error occurs then your application will not be launched.

When you try to access the application from http://localhost:8081/. Then your request will be intercepted by spring security automatically and you will be redirected to default login form as below –

You have to enter Username as ‘user‘ and password printed onto console logs . In my case password is –

Using generated security password: d58d9d78-7c80-4620-a92b-c93c68c780e7

Once you click on Sign in , you will be redirected to controller action –

Leave a Comment