Spring Security - Conceptual question around generated security password

nullptr Published at Java

nullptr :

I am watching a Udemy Course related to REST services using Spring Boot, Data and Security, when setting up the project I noticed the security password printed when the server starts, generated by Spring Security:

Using generated security password: 25b18119-45f0-4d31-99ce-29ba2ccbe3c0
... After restarting
Using generated security password: f75fa549-7856-4fcf-9e70-9f738ad7171d
... After restarting
Using generated security password: 4777e44c-e598-4a2f-b690-ab70b5ca1d4e
...

Which makes me wonder two things:

How is it possible to another application to consume my services since each time the authorization will have a different password?
Is this supposed to be a development feature only, and not supposed to be used in production?

Since I did not configure anything more in the course, I still updating the generated security password each time the server is restarted, which is a pain. Is there any related configuration to define a final application password?

xerx593 :

How is it possible to another application to consume my services since each time the authorization will have a different password?

1.1. As you already do (by updating the (client's) password on each container start)

1.2. By providing fixed credentials... (core of your question)
Is this supposed to be a development feature only, and not supposed to be used in production? Of course it is a handy development feature, but can also be used in production.

To provide fixed credentials, please add spring.security.user.name and spring.security.user.password properties. (to your configuration/application.properties/.yaml ...)

Ref: https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-security.html

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at2020-09-13

Comments

0 comments

TOP Ranking

Article

Spring Security - Conceptual question around generated security password

Spring Security - Conceptual question around generated security password

Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background

Failed to listen on localhost:8000 (reason: Cannot assign requested address)

pump.io port in URL

Loopback Error: connect ECONNREFUSED 127.0.0.1:3306 (MAMP)

How to import an asset in swift using Bundle.main.path() in a react-native native module

Spring Boot JPA PostgreSQL Web App - Internal Authentication Error

3D Touch Peek Swipe Like Mail

BigQuery - concatenate ignoring NULL

How to how increase/decrease compared to adjacent cell

Make a B+ Tree concurrent thread safe

Emulator wrong screen resolution in Android Studio 1.3

Can a 32-bit antivirus program protect you from 64-bit threats

Svchost high CPU from Microsoft.BingWeather app errors

Double spacing in rmarkdown pdf

Unable to use switch toggle for dark mode in material-ui

java.lang.NullPointerException: Cannot read the array length because "<local3>" is null

Google Chrome Translate Page Does Not Work

How to fix "pickle_module.load(f, **pickle_load_args) _pickle.UnpicklingError: invalid load key, '<'" using YOLOv3?

Using Response.Redirect with Friendly URLS in ASP.NET

Bootstrap 5 Static Modal Still Closes when I Click Outside

SSIS setting column with data in Script Component