Spring Boot Security Introduction

Posted By : Piyush Makhija | 31-Dec-2018

Spring Boot security matters more than ever now that most applications are built around APIs.

Most web applications today expose their functionality through APIs, so the same backend can serve many kinds of client, such as a mobile app or a web front end.


An API can be public (callable by anyone) or protected (callable only by a caller that has been authenticated and authorized). Either way, APIs decouple the user interface from the backend processing.

Before this split, web applications were harder to deploy because the user interface and the backend lived in one project and had to ship together.

Now the backend is deployed on its own and the user interface is deployed separately. Each API is reachable at a URL that returns a response, and the same URL can be consumed from a web application and from a mobile application alike.


Because an API returns data, it usually has to be secured, which means the caller must be authorized. Take a bank API that returns the details of a user's account: only that particular user may see those details, so the endpoint cannot be left publicly accessible. Note that logging the caller in is only half of the job here; the API must also check that the authenticated user actually owns the account being requested, otherwise any logged-in customer could read any other customer's account.

To secure these APIs, the Spring ecosystem provides Spring Security, which Spring Boot auto-configures as soon as the spring-boot-starter-security dependency is on the classpath.

There are several ways to secure an application; the two most common are:


1) Require the user to log in. Whenever an API is called, the caller must prove they are an authorized user by presenting a username and password, which the application checks against the database. Spring Security supports this out of the box as form login: the framework calls your UserDetailsService, which uses a DAO to load the user's record from the database, and then compares the submitted password with the stored one through a PasswordEncoder. The stored value must be a salted hash (BCrypt is the usual choice), never the clear-text password. Once the login succeeds, Spring keeps the user logged in with a server-side session and a session cookie.


2) The drawback of form login for an API is that it relies on a session cookie, which suits pages served to a browser but not clients such as mobile apps or other services; without a session, the client would have to send its username and password on every single call, which is both inconvenient and risky. Token-based authentication solves this: the user logs in once, receives a token, and can use all the APIs assigned to them with that token until they log out. Concretely, after a successful login the server creates a token and returns it to the client; the client stores it and sends it on every request in the Authorization header (by convention as "Authorization: Bearer <token>"); and any request whose header is missing or carries an unknown, expired or revoked token is refused. In Spring Security this is implemented with a custom filter (typically a OncePerRequestFilter registered before UsernamePasswordAuthenticationFilter) that reads the header, validates the token and puts the resulting Authentication into the SecurityContext. Two things make or break such a scheme: the token must be unguessable (a long random value, or a signed token such as a JWT) and must only ever travel over HTTPS, and logout must actually invalidate it on the server side.
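The form-login approach from point 1, together with the ownership check the bank example calls for, as an added example (Spring Boot 3 / Spring Security 6; this is not code from the original post). The AppUser record, the UserRepository interface, the InMemoryUserRepository stand-in for the database, the sample user "alice" and the /api/accounts endpoint are all hypothetical; a real application would replace the repository with a Spring Data one backed by the user table.

```java
package com.example.security;

import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.stereotype.Repository;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.*;

// What the DAO hands back: the username, the BCrypt hash of the password (never the password), roles.
record AppUser(String username, String passwordHash, List<String> roles) {}

// Hypothetical DAO contract; in a real application this is a Spring Data JPA repository.
interface UserRepository {
    Optional<AppUser> findByUsername(String username);
}

// Hypothetical in-memory stand-in for the database so the example runs without one.
@Repository
class InMemoryUserRepository implements UserRepository {
    private final Map<String, AppUser> users;

    InMemoryUserRepository(PasswordEncoder encoder) {   // constructed sample user "alice"
        users = Map.of("alice",
            new AppUser("alice", encoder.encode("correct horse battery staple"), List.of("CUSTOMER")));
    }

    @Override
    public Optional<AppUser> findByUsername(String username) {
        return Optional.ofNullable(users.get(username));
    }
}

// Spring Security calls this on every form login; it goes to the DAO and maps the row to UserDetails.
@Service
class DaoUserDetailsService implements UserDetailsService {
    private final UserRepository userDao;

    DaoUserDetailsService(UserRepository userDao) { this.userDao = userDao; }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        AppUser u = userDao.findByUsername(username)
            .orElseThrow(() -> new UsernameNotFoundException("Bad credentials"));
        return User.withUsername(u.username())
            .password(u.passwordHash())   // compared with the submitted password by the PasswordEncoder
            .roles(u.roles().toArray(new String[0]))
            .build();
    }
}

@Configuration
@EnableWebSecurity
class FormLoginSecurityConfig {
    @Bean
    PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }   // salted, slow hash

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/login", "/error").permitAll()
                .requestMatchers("/api/accounts/**").hasRole("CUSTOMER")
                .anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())   // generated /login page, POST /login, session cookie
            .logout(Customizer.withDefaults());     // POST /logout invalidates the session
        return http.build();
    }
}

// The bank example from the text: a logged-in customer may only read their own account.
@RestController
class AccountController {
    @GetMapping("/api/accounts/{owner}")
    Map<String, String> account(@PathVariable String owner, Authentication caller) {
        if (!owner.equals(caller.getName())) throw new AccessDeniedException("not your account"); // -> 403
        return Map.of("owner", owner, "balance", "42.00");   // constructed sample data
    }
}
```

The role check in the filter chain only establishes that the caller is some customer; the comparison against caller.getName() in AccountController is what stops customer "alice" from requesting /api/accounts/bob, which is the per-user restriction the bank example asks for.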
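The token approach from point 2, as an added example (Spring Boot 3 / Spring Security 6; not code from the original post). It issues an opaque random token at login, keeps it in a server-side store, and has a filter turn a valid Authorization header into an authenticated request. The TokenStore, TokenAuthenticationFilter, the /auth/login and /auth/logout endpoints and the sample user "alice" are hypothetical; the in-memory store is a stand-in for a database or cache with expiry.

```java
package com.example.security;

import jakarta.servlet.*;
import jakarta.servlet.http.*;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.context.annotation.*;
import org.springframework.http.*;
import org.springframework.security.authentication.*;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.*;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.*;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical server-side store: token -> username. Revoking at logout just removes the entry.
@Component
class TokenStore {
    private final Map<String, String> tokens = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    String issue(String username) {
        byte[] raw = new byte[32];                                  // 256 random bits: not guessable
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tokens.put(token, username);
        return token;
    }
    String usernameFor(String token) { return tokens.get(token); }
    void revoke(String token) { tokens.remove(token); }
}

// Hypothetical filter: a valid "Authorization: Bearer <token>" header authenticates the caller.
class TokenAuthenticationFilter extends OncePerRequestFilter {
    private final TokenStore store;
    private final UserDetailsService users;
    TokenAuthenticationFilter(TokenStore store, UserDetailsService users) { this.store = store; this.users = users; }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        String header = req.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            String username = store.usernameFor(header.substring("Bearer ".length()));
            if (username != null) {                                 // unknown or revoked token: stay anonymous
                UserDetails user = users.loadUserByUsername(username);
                SecurityContextHolder.getContext().setAuthentication(
                    new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities()));
            }
        }
        chain.doFilter(req, res);                                   // anonymous callers get 401 below
    }
}

@RestController
class AuthController {
    private final AuthenticationManager authManager;
    private final TokenStore store;
    AuthController(AuthenticationManager authManager, TokenStore store) { this.authManager = authManager; this.store = store; }

    record Credentials(String username, String password) {}

    @PostMapping("/auth/login")   // username and password travel exactly once; afterwards only the token
    ResponseEntity<Map<String, String>> login(@RequestBody Credentials c) {
        try {
            Authentication a = authManager.authenticate(
                new UsernamePasswordAuthenticationToken(c.username(), c.password()));
            return ResponseEntity.ok(Map.of("token", store.issue(a.getName())));
        } catch (AuthenticationException e) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();   // same answer for any failure
        }
    }

    @PostMapping("/auth/logout")
    ResponseEntity<Void> logout(@RequestHeader("Authorization") String header) {
        if (header.startsWith("Bearer ")) store.revoke(header.substring("Bearer ".length()));
        return ResponseEntity.noContent().build();
    }
}

@Configuration
class TokenSecurityConfig {
    @Bean PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }

    @Bean UserDetailsService users(PasswordEncoder enc) {           // constructed sample user
        return new InMemoryUserDetailsManager(User.withUsername("alice")
            .password(enc.encode("correct horse battery staple")).roles("CUSTOMER").build());
    }

    @Bean AuthenticationManager authenticationManager(AuthenticationConfiguration cfg) throws Exception {
        return cfg.getAuthenticationManager();
    }

    @Bean SecurityFilterChain filterChain(HttpSecurity http, TokenStore store, UserDetailsService users) throws Exception {
        http.csrf(csrf -> csrf.disable())                            // no session cookie, so no CSRF surface
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .exceptionHandling(e -> e.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))
            .authorizeHttpRequests(auth -> auth.requestMatchers("/auth/login").permitAll().anyRequest().authenticated())
            .addFilterBefore(new TokenAuthenticationFilter(store, users), UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}
```

The filter is deliberately created inside the SecurityFilterChain rather than declared as a bean: Spring Boot registers every Filter bean with the servlet container as well, which would run it outside the security chain too. The store here is process-local, so tokens vanish on restart and are not shared between instances, and nothing expires them; a production version needs a shared store (or a signed token such as a JWT, which trades the lookup for harder revocation) and a lifetime.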
