You can use this repository as an reference for understanding spring security-
https://github.com/Arora-Shivam/MasaiSpringSecurity
Spring Security provides comprehensive security services for J2EE-based enterprise software applications.
Spring Security is a framework that provides various security features like authentication, and authorization to create secure Java Enterprise Applications.
This framework targets two major areas of application - authentication and authorization.
Authentication
Authentication is how we verify the identity of who is trying to access a particular resource. A common way to authenticate users is by requiring the user to enter a username and password. Once authentication is performed we know the identity and can perform authorization. Http response code in case of failed authentication is 401.
Authorization
Authorization is the process to allow the authority to perform actions in the application. We can apply authorization to authorize web requests, methods, and access to the individual domain. Http response code in case of failed authorization is 403.
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>