📘 Premium Read: Access my best content on
Medium member-only articles
— deep dives into Java, Spring Boot, Microservices, backend architecture, interview preparation, career advice, and industry-standard best practices.
✅ Some premium posts are free to read — no account needed.
Follow me on Medium to stay updated and support my writing.
🎓 Top 10 Udemy Courses (Huge Discount):
Explore My Udemy Courses
— Learn through real-time, project-based development.
▶️ Subscribe to My YouTube Channel (172K+ subscribers):
Java Guides on YouTube
In this Spring Security tutorial, we will learn how to configure
Spring Security to use in-memory authentication.
Overview
Spring Security’s InMemoryUserDetailsManager implements UserDetailsService to provide support for username/password-based authentication that is stored in memory. The InMemoryUserDetailsManager provides management of UserDetails by implementing the UserDetailsManager interface. UserDetails-based authentication is used by Spring Security when it is configured to accept a username and password for authentication.
Maven Dependency
In order to use Spring Security in the Spring Boot project, we need to add the below Maven dependency:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
Spring Security Configuration
Next, let's configure Spring Security to use basic in-memory authentication. Let's create SpringSecurityConfig class and add the following code to it:
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
public class SpringSecurityConfig {
@Bean
public static PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeHttpRequests((authorize) -> {
authorize.anyRequest().authenticated();
}).httpBasic(Customizer.withDefaults());
return http.build();
}
@Bean
public UserDetailsService userDetailsService(){
UserDetails ramesh = User.builder()
.username("ramesh")
.password(passwordEncoder().encode("password"))
.roles("USER")
.build();
UserDetails admin = User.builder()
.username("admin")
.password(passwordEncoder().encode("admin"))
.roles("ADMIN")
.build();
return new InMemoryUserDetailsManager(ramesh, admin);
}
}
Here we're using the httpBasic() element to define Basic Authentication inside the SecurityFilterChain bean.
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeHttpRequests((authorize) -> {
authorize.anyRequest().authenticated();
}).httpBasic(Customizer.withDefaults());
return http.build();
}
In the below InMemoryUserDetailsManager Java Configuration, we have created two users and stored them in the InMemoryUserDetailsManager class object.
@Bean
public UserDetailsService userDetailsService(){
UserDetails ramesh = User.builder()
.username("ramesh")
.password(passwordEncoder().encode("password"))
.roles("USER")
.build();
UserDetails admin = User.builder()
.username("admin")
.password(passwordEncoder().encode("admin"))
.roles("ADMIN")
.build();
return new InMemoryUserDetailsManager(ramesh, admin);
}
Spring Security’s InMemoryUserDetailsManager implements UserDetailsService to provide support for username/password-based authentication that is stored in memory.
Note that we are using
PasswordEncoder to encode the password. Spring Security’s
PasswordEncoder interface is used to perform a one-way transformation of a password to let the password be stored securely. We are using
BCryptPasswordEncoder class which implements the
PasswordEncoder interface. The
BCryptPasswordEncoder class implementation uses the widely supported
bcrypt algorithm to hash the passwords.
@Bean
public static PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
.password(passwordEncoder().encode("password"))
Create REST API
In order to test the above Spring security configuration, let's create a simple REST API and protect it using Spring Security. Well, if we add Spring security dependency to the Spring boot project then by default Spring Security secures all the application URLs.
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class WelComeController {
@GetMapping("/greeting")
public String greeting(Authentication authentication) {
String userName = authentication.getName();
return "Spring Security In-memory Authentication Example - Welcome " + userName;
}
}
Testing REST API using Postman
In order to the REST APIs, we have to pass a username and password in the header this is called a basic authentication.
Note that we are passing username and password as admin/admin:
Conclusion
In this tutorial, we have seen how to configure Spring Security 6 to use in-memory authentication. Well, we have used Spring Security’s
InMemoryUserDetailsManager class which implements
UserDetailsService to provide support for username/password-based authentication that is stored in memory.
Related Spring Security Tutorials/Guides:
Core Components of Spring Security
Spring Security: Authentication
Spring Security: Authorization
Spring Security: Principal
Spring Security: Granted Authority
Spring Security: SecurityContextHolder
Spring Security: UserDetailsService
Spring Security: Authentication Manager
Spring Security: Authentication Provider
Spring Security: Password Encoder
AuthenticationEntryPoint in Spring Security
@PreAuthorize Annotation in Spring Security
Spring Security Basic Authentication
Spring Security In-Memory Authentication
Spring Security Form-Based Authentication
Difference Between Basic Authentication and Form Based Authentication
Spring Security Custom Login Page
Spring Security Login Form Example with Database Authentication
Spring Boot Login REST API
Login and Registration REST API using Spring Boot, Spring Security, Hibernate, and MySQL Database
Spring Boot + Spring Security + Angular Example Tutorial
Spring Boot + Angular Login Authentication, Logout, and HttpInterceptor Example
Spring Security In-Memory Authentication Example
Spring Security Hibernate Database Authentication - UserDetailsService
Securing a Spring MVC Application with Spring Security
Spring Boot Security Login REST API Example
Spring Boot Security Login and Registration REST API
Role-based Authorization using Spring Boot and Spring Security
Spring Boot Security JWT Token-Based Authentication and Role-Based Authorization Tutorial
Spring Boot + Spring Security + JWT + MySQL Database Tutorial
Spring Boot JWT Authentication and Authorization Example
Spring Boot Security JWT Example - Login REST API with JWT Authentication
Spring Boot Security JWT Token-Based Authentication and Role-Based Authorization Tutorial
Spring Security - Get Current Logged-In User Details
Spring Security - How to Get Current Logged-In Username in JSP
Spring Security - How to Access User Roles in JSP
Spring Security - How to Get Current Logged-In Username in Themeleaf
Spring Security Tutorial - Registration, Login, and Logout
Spring Boot 2 + Spring MVC + Role-Based Spring Security + JPA + Thymeleaf + MySQL Tutorial
User Registration Module using Spring Boot 2 + Spring MVC + Spring Security + Hibernate 5 + Thymeleaf + MySQL
Registration and Login using Spring Boot, Spring Security, Spring Data JPA, Hibernate, H2, JSP, and Bootstrap
Spring Boot User Registration and Login Example Tutorial
Comments
Post a Comment
Leave Comment