Monday, December 24, 2018

Create Simple Secured Restful Web Services Application Using Spring Boot.​

How to create simple restful web services with spring security using Spring Boot.


  • Java JDK 1.8
  • IDE 


In this tutorial, we are going to create simple restful web services with spring security included. We are using spring boot scaffolding mechanism, from which we can simply generate the application prototype with its project structure. Simply visit here.

We are using maven project with java and spring boot 2.1.1 with dependencies Web, Security and DevTools.

Generate Project and extract it and open with your favorite Ide. It may take some time to download selected dependencies.

Project Structure:

Here, inside there is the main method which will run spring boot application. As we have already added spring boot starter like "Web" inside dependencies section so it has autoconfiguration for tomcat and other feature configuration for running the application.

Make sure required dependencies are in pom.xml file.


Run the application:

In order to run your application you can simply run via your editor or via command line. If you are trying to run via command line simply go to project's root directory and type the following command in your terminal.

mvn spring-boot:run
Now you can find spring security generated password in your terminal in order to access the application.
Using generated security password: 0fbaa489-e991-4920-a84d-a9710741c378

Create End Point:

In order to test our application, we need to create some Controller with a specified endpoint.

package com.example.learntocode.restTest;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

public class HelloController {

    public String hello(){
        return "Hello";

Here we are creating rest controller HelloController which is wrapped by annotation @RestController and Get mapping to hello action i.e whenever "${baseUrl}/" endpoint request it will hit this "hello" action.


I am using postman for a testing endpoint. If we hit endpoint "http://localhost:8080" with Get request we will get Unauthorized message as follows.

Now lets test with the credential provided by spring security as discussed above with generated password.

Note: The default username is "user" and password is generated one. It will generate a new password for each time when we run our application.

Here we have successfully secured our application.

In order to customize the username and password go to "" and configure as follows.