Security is a fundamental concern in modern web applications. Spring Boot Security is a powerful framework that provides security features out of the box. In this simple introduction, we'll explore the basics of Spring Boot Security and how to secure your application using sample code and examples.


Before you start, make sure you have the following prerequisites:

Adding Spring Boot Security

To add Spring Boot Security to your project, you need to include the corresponding dependency in your project's build configuration. If you're using Maven, add the following dependency to your pom.xml:


If you're using Gradle, add this to your build.gradle:

dependencies {
implementation 'org.springframework.boot:spring-boot-starter-security'

Configuring Security

Spring Boot Security comes with sensible defaults, but you can customize the security configuration. You can create a configuration class that extends WebSecurityConfigurerAdapter to define your security rules. Here's an example:

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
public class SecurityConfig extends WebSecurityConfigurerAdapter {
public InMemoryUserDetailsManager userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
return new InMemoryUserDetailsManager(user);
protected void configure(HttpSecurity http) throws Exception {
.antMatchers("/", "/public/**").permitAll()

In this example, we configure security to allow anonymous access to the home page ("/") and static resources in the "/public" directory. All other requests require authentication. We also define a simple in-memory user for authentication purposes.

Creating a Login Page

To create a login page, you can add an HTML template and controller. Here's a basic example:

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
public class LoginController {
public String login() {
return "login";

And the corresponding Thymeleaf template (login.html):

<!DOCTYPE html>
<html xmlns="" xmlns:th="">
<form th:action="@{/login}" method="post">
<label for="username">Username:</label>
<input type="text" id="username" name="username" />
<br />
<label for="password">Password:</label>
<input type="password" id="password" name="password" />
<br />
<button type="submit">Login</button>


Spring Boot Security provides a robust way to secure your web applications with minimal configuration. This simple introduction covered adding Spring Boot Security, configuring security rules, and creating a basic login page. You can expand on these concepts to build more advanced security features in your application.