I use Spring Boot and I have read that a default should be printed out at log file or console - but there is nothing in my log. I use putty to connect and the connection is find but I dont know the credentials (password). Is there any hint I can do in order to get it work?
[EDIT] I also added this to lines to my application.properties file:
security.user.name=user
security.user.password=secret
but with no effect.
Log file screenshot:
These are my dependencies:
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-websocket</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.smartinnotec.accounting</groupId>
<artifactId>smartinnotec-accounting-frontend</artifactId>
</dependency>
<dependency>
<groupId>org.scala-lang</groupId>
<artifactId>scala-library</artifactId>
<version>2.10.4</version>
</dependency>
</dependencies>
[EDIT]
If I remove the both annotations than a password is printed out at start time. My problem is, that I need the Beans defined in this class. Actually I dont know what to do? Is it possible to enable web security and also to print out the password?
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private static final String[] restEndpointsToSecure;
@Autowired
private XAuthTokenConfigurer xAuthTokenConfigurer;
static {
restEndpointsToSecure = new String[7];
...
}
@Autowired(required = true)
private UserService userService;
public WebSecurityConfig() {
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
final String[] restEndpointsToSecure = WebSecurityConfig.restEndpointsToSecure;
for (final String endpoint : restEndpointsToSecure) {
http.authorizeRequests().antMatchers("/" + endpoint + "/**").hasRole(UserRoleEnum.USER.toString());
}
http.csrf().disable();
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterAfter(csrfTokenResponseHeaderBindingFilter(), CsrfFilter.class);
xAuthTokenConfigurer.setDetailsService(userDetailsServiceBean());
final SecurityConfigurer<DefaultSecurityFilterChain, HttpSecurity> securityConfigurerAdapter = xAuthTokenConfigurer;
http.apply(securityConfigurerAdapter);
}
@Override
protected void configure(final AuthenticationManagerBuilder authManagerBuilder) throws Exception {
authManagerBuilder.userDetailsService(new CustomUserDetailsService(userService));
}
@Bean
public CsrfTokenResponseHeaderBindingFilter csrfTokenResponseHeaderBindingFilter() {
return new CsrfTokenResponseHeaderBindingFilter();
}
@Bean
@Override
public UserDetailsService userDetailsServiceBean() throws Exception {
return super.userDetailsServiceBean();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
public String toString() {
return "[WebSecurityConfig]";
}
}
I use putty to connect
I think you are looking for a remote shell connection to actuator endpoints. If so, you should add the following into your dependency tree.
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-remote-shell</artifactId>
</dependency>
Spring will print the default remote shell password in the console:
Using default password for shell access: 9b1abe6e-4ec0-4dca-a97a-fed2dadf1837
To override the default username/password, add followings into your application.properties
file or yml
.
management.shell.auth.simple.user.name=username
management.shell.auth.simple.user.password=password
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments