This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Security 6.4.1!

Getting Started with WebFlux Applications

This section covers the minimum setup for how to use Spring Security with Spring Boot in a reactive application.

The completed application can be found in our samples repository. For your convenience, you can download a minimal Reactive Spring Boot + Spring Security application by clicking here.

Updating Dependencies

You can add Spring Security to your Spring Boot project by adding spring-boot-starter-security.

  • Maven

  • Gradle

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
    implementation 'org.springframework.boot:spring-boot-starter-security'

Starting Hello Spring Security Boot

You can now run the Spring Boot application by using the Maven Plugin’s run goal. The following example shows how to do so (and the beginning of the output from doing so):

Running Spring Boot Application
  • Maven

  • Gradle

$ ./mvnw spring-boot:run
...
INFO 23689 --- [  restartedMain] .s.s.UserDetailsServiceAutoConfiguration :

Using generated security password: 8e557245-73e2-4286-969a-ff57fe326336

...
$ ./gradlew bootRun
...
INFO 23689 --- [  restartedMain] .s.s.UserDetailsServiceAutoConfiguration :

Using generated security password: 8e557245-73e2-4286-969a-ff57fe326336

...

Authenticating

You can access the application at localhost:8080/ which will redirect the browser to the default log in page. You can provide the default username of user with the randomly generated password that is logged to the console. The browser is then taken to the orginally requested page.

To log out you can visit localhost:8080/logout and then confirming you wish to log out.

Spring Boot Auto Configuration

Spring Boot automatically adds Spring Security which requires all requests be authenticated. It also generates a user with a randomly generated password that is logged to the console which can be used to authenticate using form or basic authentication.