Menu
Since WebSecurityConfigurerAdapter has been deprecated, I have updated my SecurityConfig class with defining SecurityFilterChain as a bean in my config class but none of the config is working and spring still generates Security Password!
Here's my new WebSecurityConfig:
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeHttpRequests()
.requestMatchers("/auth/**").permitAll()
.requestMatchers("/role1/**").hasAnyRole("admin")
.requestMatchers("/role2/**").hasAnyRole("admin")
.requestMatchers("/role3/**").hasAnyRole("admin")
.anyRequest()
.permitAll();
return http.build();
}
}
Spring still generates password:
Using generated security password: ******-****-****-****-**********
This generated password is for development use only. Your security configuration must be updated before running your application in production.
I have tried excluding SecurityAutoConfiguration class from the main application but it did not work.
529
asked Nov 01 '25 03:11
You can either remove the UserDetailsServiceAutoConfiguration by doing:
@SpringBootApplication(excludes = UserDetailsServiceAutoConfiguration.class) or you can provide a UserDetailsService of your own:
@Bean
public UserDetailsService userDetailsService() {
return new InMemoryUserDetailsManager();
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
