Spring Boot Security Form Authentication In Memory Users

Spring Boot Security is a module in the Spring Boot framework that handles authentication, authorization, and other security aspects in web applications.

It provides features like user management, CSRF protection, and security filters to ensure robust application security with minimal configuration and coding effort.

The key components of Spring Boot Security include:

  1. Authentication: Handles user identity verification using form-based login, HTTP Basic, and OAuth.
  2. Authorization: Defines access control rules based on roles and permissions to restrict user actions.
  3. Security Filters: Intercept and enforce security rules for incoming requests.
  4. User Management: Provides options to manage user details and passwords.
  5. CSRF Protection: Prevents Cross-Site Request Forgery attacks.
  6. Session Management: Handles user sessions and concurrent session control.
  7. Event Logging: Logs security-related events for auditing and monitoring.

Project Explorer


The @RequestMapping("/info") annotation is used to map the info() method to handle HTTP requests with the URL path “/info”.

Similarly, there are other methods like user(), teacher(), and home() which are also annotated with @RequestMapping and mapped to different URL paths (“/”, “/teacher”, and “/admin” respectively).


The class is annotated with @Configuration, indicating that it is a configuration class that will define Spring beans and their dependencies.

“/info” URL allows all users access without authentication or authorization, providing unrestricted access to the page.

“/teacher” URL is limited to authenticated users with the “TEACHER” role, granting access only to those with appropriate authorization.

“/admin” URL is restricted to authenticated users having an “ADMIN” role, ensuring only authorized users can access this page.

Any URL requests except “/info”, “/teacher”, and “/admin” require authentication; users must log in to access other parts.