I have added spring-security-starter
in pom.xml.After,than I got a login screen where I added the
Username =user
password= Autogenerated password by spring security
Hence the login was successful. But,when I added these properties in application.properties file:
spring.security.user.name=ashwin
spring.security.user.password=ashwin
Then when I run the project,when i try to login using these username=ashwin and password=ashwin it is denying me and showing me Bad credintals.
My console printed is:
2019-08-17 10:16:02.470 INFO 16036 --- [ main] c.a.s.s.SpringSecurityDemoApplication : Starting SpringSecurityDemoApplication on Ashwin with PID 16036 (E:\sp-brains\spring-security-demo\target\classes started by AshwinPC in E:\sp-brains\spring-security-demo)
2019-08-17 10:16:02.492 INFO 16036 --- [ main] c.a.s.s.SpringSecurityDemoApplication : No active profile set, falling back to default profiles: default
2019-08-17 10:16:15.394 INFO 16036 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2019-08-17 10:16:15.600 INFO 16036 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2019-08-17 10:16:15.601 INFO 16036 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.22]
2019-08-17 10:16:16.524 INFO 16036 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2019-08-17 10:16:16.524 INFO 16036 --- [ main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 13042 ms
2019-08-17 10:16:18.007 INFO 16036 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2019-08-17 10:16:20.530 INFO 16036 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@5e39850, org.springframework.security.web.context.SecurityContextPersistenceFilter@74fe5966, org.springframework.security.web.header.HeaderWriterFilter@6c37bd27, org.springframework.security.web.csrf.CsrfFilter@6b587673, org.springframework.security.web.authentication.logout.LogoutFilter@49aa766b, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@27fde870, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@1542af63, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@1603dc2f, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@4e4c3a38, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@677b8e13, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58cec85b, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@398474a2, org.springframework.security.web.session.SessionManagementFilter@30331109, org.springframework.security.web.access.ExceptionTranslationFilter@4d0b0fd4, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@2bcec6a6]
2019-08-17 10:16:21.438 INFO 16036 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2019-08-17 10:16:21.480 INFO 16036 --- [ main] c.a.s.s.SpringSecurityDemoApplication : Started SpringSecurityDemoApplication in 20.703 seconds (JVM running for 22.771)
My main class :
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class SpringSecurityDemoApplication {
public static void main(String[] args) {
SpringApplication.run(SpringSecurityDemoApplication.class, args);
}
}
A testing controller to go after login:
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class HelloController {
@GetMapping(value = "/")
public String hello(){
return "<h1>Hello World</h1>";
}
}
You can use inMemoryAuthentication
using configureGlobal(AuthenticationManagerBuilder auth)
or @Bean
of UserDetailsService
:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("ashwin").password("{noop}ashwin").roles("ADMIN");
}
//OR
@Bean
public UserDetailsService userDetailsService() {
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(User.withUsername("ashwin").password("{noop}ashwin").roles("USER").build());
return manager;
}
}
Note: You can also simply prefix {noop}
to your passwords in order for the DelegatingPasswordEncoder
use the NoOpPasswordEncoder
to validate these passwords. Notice that NoOpPasswordEncoder
is deprecated though, as it is not a good practice to store passwords in plain text.