Setting Up Spring Security and Swagger-UI in Spring Boot

Securing Rest APIs and Enabling Swagger-ui


In the previous article, we learned how to get started with Spring Boot and develop REST APIs using the H2 database. (Getting started with Spring Boot)

What you will learn from this blog?

  1. Enabling security for Rest Apis?

  2. What is swagger?

  3. How to implement swagger in Spring Boot?

Enabling security for Rest Apis

There are several ways to add authentication to REST APIs. In this blog, we will implement basic authentication using Spring Security.

To add security to our Spring Boot application, add the spring-boot-starter-security dependency to pom.xml:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

Now start the Spring Boot application, and security gets auto-enabled. The default password is printed on the console if we don't provide one using the predefined property spring.security.user.password.

We can use this password in Postman to call the REST API.

We can also define our own username and password by setting the predefined properties in the application.properties file.

We can provide our custom security configuration, by excluding the SecurityAutoConfiguration.class and implementing the custom configuration.

We are excluding the /getDemoResponse API from authentication and other APIs will still be authenticated as per the below custom configuration class.

If we don't set the SessionCreationPolicy to STATELESS, Spring Security creates an HTTP session after a successful request. A client that keeps the session cookie, as Postman does, is then treated as authenticated on later requests even if it sends the wrong password.
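
A configuration of the kind described above, as an added example rather than the article's own class. It assumes Spring Boot 2.x with Spring Security 5.4 or later in the 5.x line and a user defined through the spring.security.user.* properties; the package, class and bean names are hypothetical.

```java
package com.example.demo.config; // hypothetical package name

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ApiSecurityConfig { // hypothetical class name

    @Bean
    public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeRequests(auth -> auth
                // The one endpoint the article leaves open to anonymous callers.
                .antMatchers("/getDemoResponse").permitAll()
                // Everything else, including /swagger-ui, needs credentials.
                .anyRequest().authenticated())
            // HTTP Basic: credentials travel in the Authorization header on
            // every request, so serve the API over TLS only.
            .httpBasic(Customizer.withDefaults())
            // No HttpSession is created or consulted, so no JSESSIONID cookie
            // can keep a caller logged in; every request is re-authenticated.
            .sessionManagement(session -> session
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        // CSRF protection is left at Spring Security's default (enabled).
        return http.build();
    }
}
```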

At this point, we know how to add security to Rest APIs using Spring security and also to develop a custom security configuration class.

What is Swagger?

Swagger is an open-source tool that generates a web page documenting the APIs described by the Swagger specification.

Using Swagger, we can automatically build beautiful and interactive API documentation.

Because the documentation is built automatically, changes are reflected automatically. It groups all the APIs in the application so that we can visualize them and interact with them.

How to implement swagger in Spring Boot?

Add the springfox-boot-starter dependency in the pom.xml file

<dependency>
    <groupId>io.springfox</groupId>
    <artifactId>springfox-boot-starter</artifactId>
    <version>3.0.0</version>
</dependency>

Add the swagger config class with the necessary information as shown below

Provide the base package details in the api() bean to scan the APIs and also provide the API description of the Rest APIs in the controller as shown below

Start the Spring Boot Application and navigate to the swagger-UI using /swagger-ui

YAY!!.. Finally, we have enabled the security to the Rest APIs and also integrated the swagger-UI to the Spring Boot Application.

The source code is available on GitHub mentioned below

You can follow me on Twitter and LinkedIn. Happy Learning .. 😊👍
