網頁

2019/9/30

Spring Boot Security 預設的使用者名稱及密碼 default user username and password

Spring Boot Security預設的使用者名稱為user,密碼則是系統啟動時印在console的UUID,例如


  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v2.1.8.RELEASE)

2019-09-30 15:28:17.928  INFO 9240 --- [           main] c.a.demo.SpringSecurityDemoApplication   : Starting SpringSecurityDemoApplication on matt-PC with PID 9240 (D:\MyProject\workspace\spring-security-demo\bin\main started by matt in D:\MyProject\workspace\spring-security-demo)
2019-09-30 15:28:17.934  INFO 9240 --- [           main] c.a.demo.SpringSecurityDemoApplication   : No active profile set, falling back to default profiles: default
2019-09-30 15:28:19.956  INFO 9240 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8080 (http)
2019-09-30 15:28:20.008  INFO 9240 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2019-09-30 15:28:20.008  INFO 9240 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.24]
2019-09-30 15:28:20.163  INFO 9240 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/demo]   : Initializing Spring embedded WebApplicationContext
2019-09-30 15:28:20.164  INFO 9240 --- [           main] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 2143 ms
2019-09-30 15:28:20.563  INFO 9240 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
2019-09-30 15:28:21.031  INFO 9240 --- [           main] .s.s.UserDetailsServiceAutoConfiguration : 

Using generated security password: 4925b629-d788-418b-90db-fb3877ba8706

2019-09-30 15:28:21.178  INFO 9240 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@562c877a, org.springframework.security.web.context.SecurityContextPersistenceFilter@57fae983, org.springframework.security.web.header.HeaderWriterFilter@982bb90, org.springframework.security.web.csrf.CsrfFilter@2cfbeac4, org.springframework.security.web.authentication.logout.LogoutFilter@1763992e, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@58cec85b, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@48c4245d, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@67001148, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@3adbe50f, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@4bee18dc, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@5ee34b1b, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@989da1, org.springframework.security.web.session.SessionManagementFilter@7bef452c, org.springframework.security.web.access.ExceptionTranslationFilter@76954a33, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4a9486c0]
2019-09-30 15:28:21.281  INFO 9240 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8080 (http) with context path '/demo'
2019-09-30 15:28:21.285  INFO 9240 --- [           main] c.a.demo.SpringSecurityDemoApplication   : Started SpringSecurityDemoApplication in 3.948 seconds (JVM running for 4.448)

由於Spring Boot Security預設使用
SecurityAutoConfigurationUserDetailsServiceAutoConfiguration配置。
而在UserDetailsServiceAutoConfiguration.inMemoryUserDetailsManager()中會用InMemoryUserDetailsManager設定一個in-memory(存在記憶體內的)使用者。

此預設使用者資訊來自於SecurityProperties.User
預設的使用者名稱name = "user"
預設的使用者密碼password = UUID.randomUUID().toString()

節錄SecurityProperties.User原始碼如下:

SecurityProperties

package org.springframework.boot.autoconfigure.security;

import ...

@ConfigurationProperties(prefix = "spring.security")
public class SecurityProperties {
    ...
    public static class User {

        /**
         * Default user name.
         */
        private String name = "user";

        /**
         * Password for the default user name.
         */
        private String password = UUID.randomUUID().toString();

        ...
    }

}


如果要修改預設產生的帳號密碼,可在application.properties設定以下參數。

application.properties

# login username
spring.security.user.name=john
# login password
spring.security.user.password=12345

參考:

沒有留言:

張貼留言