Spring Security: How to change the default username and password


In the previous Spring Security tutorial, we learned how to integrate Spring Security into a web application and protect the application by validating the username and password. The problem is that Spring Security gives us a default username and password.

Note: By default, the username for a Spring Security based application is “user” and the password is printed in your console log after the text “Using generated security password: <your-password>”.

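To change the default username and password of Spring Security, create a class that extends the WebSecurityConfigurerAdapter class and override its userDetailsServiceBean() method. Note that WebSecurityConfigurerAdapter is deprecated as of Spring Security 5.7 and removed in 6.0, so this approach applies to earlier versions.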

Before jumping to the custom user configuration, I recommend walking through our Getting Started with Spring Security tutorial.

SecurityConfig.java
package org.websparrow.config;

import java.util.ArrayList;
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

	@Bean
	@Override
	public UserDetailsService userDetailsServiceBean() throws Exception {

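		// add users to the list
		List<UserDetails> users = new ArrayList<UserDetails>();
		
		// withDefaultPasswordEncoder() is deprecated in Spring Security: it is
		// meant for demos only, since the plaintext password sits in the source
		users.add(User.withDefaultPasswordEncoder()
				.username("websparrow")
				.password("web123").roles("USER").build());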

		return new InMemoryUserDetailsManager(users);
	}
}

The @Configuration annotation indicates that a class declares one or more @Bean methods and may be processed by the Spring container to generate bean definitions and service requests for those beans at runtime.

The @EnableWebSecurity annotation enables the Spring Web Security functionality for the application.

UserDetailsService and UserDetails are both core interfaces provided by Spring Security itself: UserDetailsService loads user-specific data, and UserDetails represents it.

User is a model class that holds the user information retrieved by the UserDetailsService interface. It is also provided by Spring Security itself.

You can also add multiple users with the same or different roles:

users.add(User.withDefaultPasswordEncoder()
		.username("sandeep")
		.password("sandeep123").roles("USER").build());

users.add(User.withDefaultPasswordEncoder()
		.username("prince")
		.password("priya").roles("ADMIN").build());

users.add(User.withDefaultPasswordEncoder()
		.username("mukul")
		.password("vipul").roles("USER").build());
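
As an added example (not code from the original tutorial), this variant of SecurityConfig avoids the hard-coded plaintext passwords and the deprecated User.withDefaultPasswordEncoder() by loading an already-hashed password from external configuration and failing at startup if the value is not a hash. The class name and the app.security.* property names are assumptions, and the class replaces SecurityConfig rather than running beside it.

```java
package org.websparrow.config;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.util.Assert;

@Configuration
@EnableWebSecurity
public class HashedUserSecurityConfig extends WebSecurityConfigurerAdapter {

	// Hypothetical property names; supply them from the environment or an
	// external config file, not from source control.
	@Value("${app.security.username}")
	private String username;

	// Expected form: "{bcrypt}" followed by a BCrypt hash (no real value shown here).
	@Value("${app.security.password-hash}")
	private String passwordHash;

	// Delegating encoder: verifies "{id}hash" values and uses BCrypt for new encodings.
	@Bean
	public PasswordEncoder passwordEncoder() {
		return PasswordEncoderFactories.createDelegatingPasswordEncoder();
	}

	@Bean
	@Override
	public UserDetailsService userDetailsServiceBean() throws Exception {
		// Fail at startup rather than at first login if a plaintext value was supplied.
		Assert.state(passwordHash.startsWith("{bcrypt}"),
				"app.security.password-hash must be a {bcrypt}-prefixed hash");

		// No withDefaultPasswordEncoder(): the stored value is already hashed.
		UserDetails user = User.withUsername(username)
				.password(passwordHash).roles("USER").build();

		return new InMemoryUserDetailsManager(user);
	}
}
```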

About the Author

Websparrow
I like sharing my experiments and ideas with everyone by writing articles on the latest technological trends.