Below dependency is required for Spring Security in gradle :
implementation 'org.springframework.boot:spring-boot-starter-security:2.2.4.RELEASE'
Note :
Just by adding the above dependency in your build.gradle file the spring security is activated.
What functionalities are provided by Spring boot starter security ?
- Add mandatory authentication for URLS
- Adds login form
- Handles login error
- Create a default user and password
You just need to build the project and hit the url “http://localhost:8080/” and you will be automatically redirected to “http://localhost:8080/login” and the screen will look like below.

You can login to the above login page using User id as user “user” and password as the password printed in console while starting the project

You can also specify the login id and password in the application.properties file :
spring.security.user.name=tyson spring.security.user.password=tyson
Code : build.gradle
plugins { id 'java' id 'org.springframework.boot' version '2.2.5.RELEASE' id 'io.spring.dependency-management' version '1.0.7.RELEASE' } repositories { jcenter() } dependencies { implementation 'com.google.guava:guava:28.0-jre' testImplementation 'junit:junit:4.12' implementation 'org.springframework.boot:spring-boot-dependencies:2.0.5.RELEASE' implementation 'org.springframework.boot:spring-boot-starter-web' testImplementation 'org.springframework.boot:spring-boot-starter-test' implementation 'org.springframework.boot:spring-boot-starter-security:2.2.4.RELEASE' components { withModule('org.springframework:spring-beans') { allVariants { withDependencyConstraints { it.findAll { it.name == 'snakeyaml' }.each { it.version { strictly '1.19' } } } } } } } task runJar{ dependsOn 'assemble' dependsOn 'jar' doLast{ javaexec { main="-jar"; args = [ "build/libs/"+rootProject.name+".jar" ] } } }
App.java
package com.spring.security; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; @SpringBootApplication public class App { public static void main(String[] args) { SpringApplication.run(App.class, args); } }
Code 2 :
App.java
package com.springSecurity; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.context.ApplicationContext; @SpringBootApplication //(exclude = {org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class}) public class App { public static void main(String[] args) { ApplicationContext applicationContext = SpringApplication.run(App.class, args); } }
build.gradle
plugins { id 'java' id 'org.springframework.boot' version '2.0.5.RELEASE' id 'io.spring.dependency-management' version '1.0.7.RELEASE' } repositories { jcenter() } dependencies { implementation 'com.google.guava:guava:28.0-jre' testImplementation 'junit:junit:4.12' implementation 'org.springframework.boot:spring-boot-dependencies:2.0.5.RELEASE' implementation 'org.springframework.boot:spring-boot-starter-web' testImplementation 'org.springframework.boot:spring-boot-starter-test' //Oracle Integration implementation 'com.oracle.ojdbc:ojdbc8:19.3.0.0' implementation 'org.springframework:spring-jdbc:3.2.0.RELEASE' //Spring Security implementation 'org.springframework.boot:spring-boot-starter-security:2.4.4' components { withModule('org.springframework:spring-beans') { allVariants { withDependencyConstraints { it.findAll { it.name == 'snakeyaml' }.each { it.version { strictly '1.19' } } } } } } } bootJar { mainClassName = 'SpringSecurity.App' }
application.properties
server.port=9191 logging.level.org.springframework=DEBUG #Spring Secuity spring.security.user.name=tyson spring.security.user.password=tyson

Disable Spring Secuity :
Add below line in SpringBoot annotation
@SpringBootApplication
(exclude = {org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class})
App.java
package com.springSecurity; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.context.ApplicationContext; @SpringBootApplication (exclude = {org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class}) public class App { public static void main(String[] args) { ApplicationContext applicationContext = SpringApplication.run(App.class, args); } }

Things noticeable :
- CSRF is introduced by default
- JSESSION is introduced by default
Reference :
Code :
- Github – branch : spring-secuirty-enabling