Spring Boot – more advanced (auto)configuration

Marcin Rozmus

In our first tutorial we showed you how to move your existing application (or set up new one) with Spring Boot. In this tutorial we want to show you how easy Spring Boot manage other parts of your application.


Starters are a set of dependency descriptors ready to be included in your application. They contain a lot of the dependencies, often with set of custom properties that allow you to add part of functionality without much effort.

Ten most popular starters on mvnrepository.com are:

We will describe some of them (and some other, not included in this table but no less interesting) more broadly in next paragraphs.

Web starter

In previous tutorial you’ve added spring-boot-starter-web for web application to easily set up it locally. This starter includes libraries like Spring MVC, Jackson and Tomcat as a default web application server. It also auto-configures things like: dispatcher servlet, error page and web JARs for managing the static dependencies. If you want, instead of Tomcat you can use another embedded web server, like Jetty or Undertow. To do that simply add:


to your pom.xml file. Of course if you prefer Undertow just replace spring-boot-starter-jetty with spring-boot-starter-undertow.

You can also easily customize your server. To do that extend your application properties by adding for ex.:


Data JPA starter

Next starter, spring-boot-starter-data-jpa provides us wide functionalities of persisting data. It comes to us with all goods from Spring Data JPA, such as no-code repositories. Let’s assume that you’ve already used it in your project or know how to use and just presents to you how to move your data sources configuration to Spring Boot.

To do this add to your pom.xml:


Then, to define new data source create a bean:

public DataSource dataSource() {
    return DataSourceBuilder.create().build();

and add credentials to properties:

demo.datasource.driver-class-name = com.mysql.jdbc.Driver

You probably will need to add dependencies to data source driver, in this case:


For developing purposes you can always use in memory databases like H2. To simply add it with Spring Boot add:


to your properties and:


to your pom.xml. You can always add mre than one data source to your project. To do that you will need to do two things: mark one of your bean with @Primary annotation and include data source name in your properties, because Spring Boot needs to know which property use to which data source configuration:

public DataSource firstDataSource() {
    return DataSourceBuilder.create().build();
public DataSource secondDataSource() {
    return DataSourceBuilder.create().build();
demo.datasource.first.driver-class-name = com.mysql.jdbc.Driver

demo.datasource.second.driver-class-name = com.mysql.jdbc.Driver

Security starter

Sometimes you want to secure your web application. With help to do that comes another starter: spring-boot-starter-security. With tons of useful dependencies we are getting our endpoints secured just by adding two properties:


After that if we want to go to one of endpoint we will see login prompt:

Of course this feature is enough if we are developing simple application, only with admin panel, etc. For other use cases we need to disable default Auto-Configuration and write our own. To do that add exclude:

@SpringBootApplication(exclude = { SecurityAutoConfiguration.class })
public class SpringBootSecurityApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringBootSecurityApplication.class, args);

or property:


After that we can add our own configuration class:

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

public class CustomSecurityConfiguration extends WebSecurityConfigurerAdapter {

    protected void configure(AuthenticationManagerBuilder authBuilder) throws Exception {
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
                .roles("USER", "ADMIN");

    protected void configure(HttpSecurity httpSecurity) throws Exception {

Another useful solutions of common problems that comes with spring-boot-starters-security are: out-of-the-box support for CORS, CSRF attack prevention, Session Fixation protection and Security Header integration (like X-Content-Type-Options integration, Cache Control, X-XSS-Protection integration and X-Frame-Options integration to help prevent Clickjacking).


Adding almost every starter that Spring Boot offer to us is as simple as our examples. We only need to add some dependencies, few properties and sometimes couple lines of code, but almost everything works out of the box. It’s very comfortable, especially when we want to create something that works quickly, but it’s not the only advantage of starters. Using starters we are always solving the problems in the same way as others, so our solutions are reliable and fully tested by millions of users across the world.

Spring Boot Reference Documentation

Poznaj mageek of j‑labs i daj się zadziwić, jak może wyglądać praca z j‑People!

Skontaktuj się z nami