# Getting Started with WebFlux Applications

This section covers the minimum setup for how to use Spring Security with Spring Boot in a reactive application.

The completed application can be found in our samples repository (opens new window).
For your convenience, you can download a minimal Reactive Spring Boot + Spring Security application by clicking here (opens new window).

# Updating Dependencies

You can add Spring Security to your Spring Boot project by adding spring-boot-starter-security.

Maven

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

Gradle

    implementation 'org.springframework.boot:spring-boot-starter-security'

# Starting Hello Spring Security Boot

You can now run the Spring Boot application (opens new window) by using the Maven Plugin’s run goal. The following example shows how to do so (and the beginning of the output from doing so):

Example 1. Running Spring Boot Application

Maven

$ ./mvnw spring-boot:run
...
INFO 23689 --- [  restartedMain] .s.s.UserDetailsServiceAutoConfiguration :

Using generated security password: 8e557245-73e2-4286-969a-ff57fe326336

...

Gradle

$ ./gradlew bootRun
...
INFO 23689 --- [  restartedMain] .s.s.UserDetailsServiceAutoConfiguration :

Using generated security password: 8e557245-73e2-4286-969a-ff57fe326336

...

# Authenticating

You can access the application at http://localhost:8080/ (opens new window) which will redirect the browser to the default log in page. You can provide the default username of user with the randomly generated password that is logged to the console. The browser is then taken to the orginally requested page.

To log out you can visit http://localhost:8080/logout (opens new window) and then confirming you wish to log out.

# Spring Boot Auto Configuration

Spring Boot automatically adds Spring Security which requires all requests be authenticated. It also generates a user with a randomly generated password that is logged to the console which can be used to authenticate using form or basic authentication.

Reactive ApplicationsX.509 Authentication