Menu
I am developing a small app with spring-boot and angularjs. The idea is that the backend of the application expose some services, and the frontend consume these services. I am trying to setup basic authentication
This is my pom.xml
<!-- Web Server -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- End Web Server -->
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- End Spring Security -->
both are in the same version 1.1.1.RELEASE. My WebSecurityConfig
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/css/**", "/js/**").permitAll()
.anyRequest().authenticated();
http
.formLogin()
.defaultSuccessUrl("/")
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
authManagerBuilder.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}
This is not working. Seems that the user and password are not set in memory.
When spring boot runs, it creates a default password, here is what appear in the console
AuthenticationManagerConfiguration :
Using default security password: xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
And the application work with that password.
Thank you
939
You can override the default user name (default value = user) and the password that is generated on the fly, by setting below properties in your application.properties file:
security.user.name=user # Default user name.
security.user.password= # Password for the default user name. A random password is logged on startup by default.
In order to register more than one user, you would need to build our own AuthenticationManager configuration.
178
I was having this problem too, with an OAuth2 application. In the Authorization Server Config, I was using what turned out to be the global AuthenticationManager.
@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints)
throws Exception {
endpoints
.tokenStore(tokenStore())
.authenticationManager(authenticationManager)
.accessTokenConverter(accessTokenConverter());
}
}
But the AuthenticationManager I built is only scoped to the WebSecurityConfigurerAdapter. Instead of Overriding the configure method, I used this configureGlobal method and then everything fell into place, with no warnings or NullReferenceExceptions
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
