Retrofit
REST APIs as Java interfaces
Type-safe HTTP client that turns REST API into Java interface declarations.
Installation
<dependency>
<groupId>com.squareup.retrofit2</groupId>
<artifactId>retrofit</artifactId>
<version>2.9.0</version>
</dependency>implementation 'com.squareup.retrofit2:retrofit:2.9.0'libraryDependencies += "com.squareup.retrofit2" % "retrofit" % "2.9.0"Key Features
- Authentication with multiple providers (OAuth2, LDAP, JDBC)
- Role-based and permission-based authorization
- Protection against CSRF, session fixation, and clickjacking
- Seamless integration with Spring Boot and Spring MVC
- Customizable security filters and handlers
Version History
6.2.1 (latest)
6.2.0
6.1.5
6.1.4
6.0.8
5.8.9
5.7.11
Frequently Asked Questions
How do I add basic authentication?
Add the dependency and Spring Boot auto-configures it. Use @EnableWebSecurity and configure HttpSecurity in a SecurityFilterChain bean.
Is it compatible with Spring Boot 3?
Yes, version 6.x is designed for Spring Boot 3 and requires Java 17+. Use 5.x for older Spring Boot versions.
How to handle JWT authentication?
Use spring-security-oauth2-resource-server for JWT validation. Configure it as a resource server in your security config.
Common error: 403 Forbidden on POST?
Usually a CSRF protection issue. Either include CSRF token in forms or disable CSRF for stateless APIs using http.csrf().disable().