10 Excellent Ways to Secure Your Spring Boot Application

10 Excellent Ways to Secure Your Spring Boot Application

Spring Boot is one of the most popular Java frameworks. If you’re developing Spring Boot apps that handle sensitive data, you should make sure they’re secure. This article gives you some tips on how to build more secure Spring Boot applications.


Thanks for the nice post… I learnt new stuffs


Hi Matt,

A very good and useful article!! In order to make our application more secure, we are trying to enable the CSRF protection with a Spring Boot back-end and an Angular application for the front-end based on what you wrote. However we are getting the following error “Could not verify the provided CSRF token because your session was not found in spring security”. What could be the reason? Could different sub-domains between the two compact have an impact?

Thank you in advance for your answer.

Matt Raible

Yes, you’re likely to have issues if you try to host your apps on separate domains. This is because Spring Boot will send the CSRF token as a cookie and you won’t be able to read the cookie (to send it back in a header) if you’re on a different domain.

keomorakort man

Thank Matt, your article is very helpful to me.

Igor K

Where can I get the “I find your lack of security disturbing” t-shirt?

Matt Raible

Hello Igor,

It’s not currently available for sale publicly. You can see where our developer advocates are speaking at oktadev.events. If you happen to be going to one of these events, let me know, and I’ll make sure we have a t-shirt for you! We’d also be happen to ship you one if you contribute a PR to one of our SDKs and/or blog posts to fix something.

Igor K

Coolio, thank you!

Saurabh Singh

hi matt
I wan to know how to hide production env properties from developer

Matt Raible

The easiest way is to not allow your developers to access your production environment!

This guide suggestions using Vault by HashiCorp. We’re working on a post now that shows how to use Spring Vault. If you follow @oktadev on Twitter, you’ll get a notification when we publish it.

Aftab Ahmed

Hi Matt, Thanks for Sharing wonderful Article, Would you please share how encrypt Application properties?


Matt Raible

Our blog post on using Spring Vault should help. https://developer.okta.com/…

Hassan Waris

Matt, Thank you after reading this , I am feeling secured (: