I am watching a Udemy Course related to REST services using Spring Boot, Data and Security, when setting up the project I noticed the security password printed when the server starts, generated by Spring Security:
Using generated security password: 25b18119-45f0-4d31-99ce-29ba2ccbe3c0
... After restarting
Using generated security password: f75fa549-7856-4fcf-9e70-9f738ad7171d
... After restarting
Using generated security password: 4777e44c-e598-4a2f-b690-ab70b5ca1d4e
...
Which makes me wonder two things:
Since I did not configure anything more in the course, I still updating the generated security password each time the server is restarted, which is a pain. Is there any related configuration to define a final application password?
How is it possible to another application to consume my services since each time the authorization will have a different password?
1.1. As you already do (by updating the (client's) password on each container start)
1.2. By providing fixed credentials... (core of your question)
Is this supposed to be a development feature only, and not supposed to be used in production? Of course it is a handy development feature, but can also be used in production.
To provide fixed credentials, please add spring.security.user.name
and spring.security.user.password
properties. (to your configuration/application.properties/.yaml ...)
Ref: https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-security.html
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments