CODEWITHSUNDEEP
spring-bootspring-security
Rinks
Rinks

Reputation: 25

Spring Security with Spring Boot

I am trying to create a Spring Boot REST application. When I deploy my application, it authentication is required and it is asking me for user name and password. How can I bypass this or how can I add a user name and password for authentication?

Do I need to remove security entry in pom?

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

Upvotes: 0

Views: 1035

Answers (4)

alphaBEE
alphaBEE

Reputation: 41

if you wish to configure a username/password of your choice then you can do so in application.properties file.

spring.security.user.name=username

spring.security.user.password=password

Now spring security will not generate a new password each time you boot the application.

Note: When using postman to send requests, go to authorization> select "basic auth"> Enter the username and password so authentication details can be sent along with each request. If using browser, there should be a login page.

Upvotes: 0

Derrick
Derrick

Reputation: 4455

Apart from other two answers - default username is 'user' and password will be printed in the console each time you start your server like below - 

2019-08-31 23:58:16.417  INFO 12528 --- [  restartedMain] .s.s.UserDetailsServiceAutoConfiguration : 

Using generated security password: 1ab46edf-332a-42de-ae11-70dc138c65db

Simply use these credentials to login.

Note - If you fine-tune your logging configuration, ensure that the org.springframework.boot.autoconfigure.security category is set to log INFO-level messages. Otherwise, the default password is not printed.

Upvotes: 0

Subhasish Sahu
Subhasish Sahu

Reputation: 1339

No need of removing security from pom.xml. In your project, you can try something like below. Try to create SecurityConfig which will extend WebSecurityConfigurerAdapter and provide some user name and password and later you can customize it.

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user")
                    .password("user")
                    .roles("USER")
                    .and()
                .withUser("user2")
                    .password("secret2")
                    .roles("USER");
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().fullyAuthenticated();
        http
            .httpBasic();
        http
            .csrf().disable();
    }
}

public @interface EnableWebMvcSecurity {

}

Upvotes: 0

dur
dur

Reputation: 17009

If you don't want to use authentication at all, you should remove the dependency:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

See Spring Boot Reference Guide:

If Spring Security is on the classpath then web applications will be secure by default with ‘basic’ authentication on all HTTP endpoints.

Upvotes: 1

Related Questions