Spring Boot Security Basic Authentication Tutorial

In this tutorial, we will walk through the process of setting up basic authentication in a Spring Boot application using the latest version of Spring Security. We will cover creating a simple Spring Boot application, configuring Spring Security for basic authentication, and securing a RESTful API.


Before we start, ensure you have the following:

  • Java Development Kit (JDK) installed
  • Apache Maven installed
  • An IDE (Integrated Development Environment) like IntelliJ IDEA or Eclipse

Step 1: Setting Up the Project

Create a Spring Boot Project

  1. Open your IDE and create a new Spring Boot project using Spring Initializr.
  2. Add the following dependencies:
    • Spring Web
    • Spring Security
    • Spring Data JPA
    • H2 Database (for simplicity, but you can use any database of your choice)

Project Structure

Your project structure should look like this:

├── src
│   ├── main
│   │   ├── java
│   │   │   └── com
│   │   │       └── example
│   │   │           └── security
│   │   │               ├── SecurityConfig.java
│   │   │               ├── SecurityApplication.java
│   │   │               ├── model
│   │   │               │   └── User.java
│   │   │               ├── repository
│   │   │               │   └── UserRepository.java
│   │   │               ├── service
│   │   │               │   └── UserService.java
│   │   │               └── controller
│   │   │                   └── HelloController.java
│   ├── main
│   │   └── resources
│   │       └── application.properties
└── pom.xml

Step 2: Adding Dependencies

Add the necessary dependencies for Spring Security, Spring Data JPA, and H2 database in the pom.xml file.


        <!-- Spring Boot Starter Web -->

        <!-- Spring Boot Starter Security -->

        <!-- Spring Boot Starter Data JPA -->

        <!-- H2 Database -->

        <!-- Spring Boot Starter Test -->

Step 3: Configuring the Application Properties

Configure the application properties for the H2 database and other settings.


# H2 Database configuration

# JPA settings

Step 4: Creating the User Entity

Create a User entity in the com.example.security.model package.


package com.example.security.model;

import jakarta.persistence.Entity;
import jakarta.persistence.GeneratedValue;
import jakarta.persistence.GenerationType;
import jakarta.persistence.Id;

public class User {

    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    private String username;
    private String password;
    private String role;

    // Getters and Setters

    public Long getId() {
        return id;

    public void setId(Long id) {
        this.id = id;

    public String getUsername() {
        return username;

    public void setUsername(String username) {
        this.username = username;

    public String getPassword() {
        return password;

    public void setPassword(String password) {
        this.password = password;

    public String getRole() {
        return role;

    public void setRole(String role) {
        this.role = role;

Step 5: Creating the User Repository

Create a UserRepository interface in the com.example.security.repository package.


package com.example.security.repository;

import com.example.security.model.User;
import org.springframework.data.jpa.repository.JpaRepository;

public interface UserRepository extends JpaRepository<User, Long> {
    User findByUsername(String username);

Step 6: Creating the User Service

Create a UserService class in the com.example.security.service package.


package com.example.security.service;

import com.example.security.model.User;
import com.example.security.repository.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Service;

public class UserService implements UserDetailsService {

    private UserRepository userRepository;

    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        com.example.security.model.User user = userRepository.findByUsername(username);
        if (user == null) {
            throw new UsernameNotFoundException("User not found");
        return org.springframework.security.core.userdetails.User.builder()

Step 7: Configuring Spring Security

Create a SecurityConfig class in the com.example.security package to configure Spring Security.


package com.example.security;

import com.example.security.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

public class SecurityConfig {

    private UserService userService;

    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
            .authorizeHttpRequests(authorizeRequests ->
                    .requestMatchers("/h2-console/**").permitAll()  // Allow access to H2 console

        // Disable CSRF and frame options for H2 console

        return http.build();

    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();

    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

Step 8: Creating the Hello Controller

Create a HelloController class in the com.example.security.controller package.


package com.example.security.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

public class HelloController {

    public String hello() {
        return "Hello, World!";

Step 9: Creating the Main Application Class

Create the main application class to run your Spring Boot application.


package com.example.security;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

public class SecurityApplication {

    public static void main(String[] args) {
        SpringApplication.run(SecurityApplication.class, args);


Step 10: Running the Application

To run the application, execute the SecurityApplication class. This will start the Spring Boot application with Spring Security configured.

Accessing the Application

  1. Open your browser and navigate to http://localhost:8080/h2-console to access the H2 database console. Use the JDBC URL jdbc:h2:mem:testdb, username sa, and an empty password to log in.
  2. Navigate to http://localhost:8080/api/hello to access the secured endpoint. You will be prompted to enter a username and password. Use the credentials you set up in your UserService or database.


In this tutorial, we have walked through setting up a basic Spring Boot application and integrating it with Spring Security for basic authentication. We configured Spring Security to secure our application and created a simple RESTful API endpoint. By following this tutorial, you should now have a good understanding of how to integrate Spring Security with Spring Boot and secure your applications using basic authentication.