发表新帖
发表新帖

Remove “Using default security password” on Spring Boot

后端 未结
关注
18 2120
小鲜肉
小鲜肉 2020-12-04 12:13

I added one custom Security Config in my application on Spring Boot, but the message about \"Using default security password\" is still there in LOG file.

Is there a

相关标签:
18条回答
  • 暖寄归人
    2020-12-04 12:23

    Look up: http://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-security.html

    From AuthenticationManagerConfiguration.java looking at code, I see below. Also the in-memory configuration is a fallback if no authentication manager is provided as per Javadoc. Your earlier attempt of Injecting the Authentication Manager would work because you will no longer be using the In-memory authentication and this class will be out of picture.

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        if (auth.isConfigured()) {
            return;
        }
        User user = this.securityProperties.getUser();
        if (user.isDefaultPassword()) {
            logger.info("\n\nUsing default security password: " + user.getPassword()
                    + "\n");
        }
        Set<String> roles = new LinkedHashSet<String>(user.getRole());
        withUser(user.getName()).password(user.getPassword()).roles(
                roles.toArray(new String[roles.size()]));
        setField(auth, "defaultUserDetailsService", getUserDetailsService());
        super.configure(auth);
    }

    If you use inmemory authentication which is default, customize your logger configuration for org.springframework.boot.autoconfigure.security.AuthenticationManagerConfiguration and remove this message.

    0 讨论(0)
  • 感动是毒
    2020-12-04 12:27

    On spring boot 2 with webflux you need to define a ReactiveAuthenticationManager

    0 讨论(0)
  • 旧巷少年郎
    2020-12-04 12:28

    I came across the same problem and adding this line to my application.properties solved the issue.

    spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration

    It's one of the Spring's Automatic stuffs which you exclude it like excluding other stuffs such as actuators. I recommend looking at this link

    0 讨论(0)
  • 我在风中等你
    2020-12-04 12:30

    Adding following in application.properties worked for me,

    security.basic.enabled=false

    Remember to restart the application and check in the console.

    0 讨论(0)
  • 隐瞒了意图╮
    2020-12-04 12:30

    It is also possible to just turn off logging for that specific class in properties :

    logging.level.org.springframework.boot.autoconfigure.security.AuthenticationManagerConfiguration=WARN

    0 讨论(0)
  • 孤城傲影
    2020-12-04 12:32

    For Reactive Stack (Spring Webflux, Netty) you either need to exclude ReactiveUserDetailsServiceAutoConfiguration.class

    @SpringBootApplication(exclude = {ReactiveUserDetailsServiceAutoConfiguration.class})

    Or define ReactiveAuthenticationManager bean (there are different implementations, here is the JWT one example)

    @Bean
public ReactiveJwtDecoder jwtDecoder() {
    return new NimbusReactiveJwtDecoder(keySourceUrl);
}
@Bean
public ReactiveAuthenticationManager authenticationManager() {
    return new JwtReactiveAuthenticationManager(jwtDecoder());
}
    0 讨论(0)
 看不清?
提交回复
热议问题