基本概念
Spring Security provides HTTP basic auth. When you bring in the Spring Security starter, just introducing that gives you basic authentication on all of your endpoints, with the exception of some of the commonly ignored ones that are in the static directory, like JavaScript or CSS.
Now you get basic auth, but the username and password are actually generated at startup time, and split out into the info messages of the log. If you just want to play with security and added to a project, you can get the username and password from those log messages during the startup sequence.
Basic Security
- Spring Security gives you basic authentication on all endpoints except common ones like /js or /css
- Password printed in log messages
- Property-based configuration
