Spring Security- How to change default username and password


In the previous Spring Security tutorial, we have learned the integration of Spring Security in the web application and protect the application via validating the username and password. But the problem is Spring Security gives us some default username and password.

Note: By default, username for Spring Security based application is “user” and password will be printed in your console log followed by “Using generated security password: <your-password>” text.

1. Change using Java file

To change the default username and password of Spring Security, create a class that extends WebSecurityConfigurerAdapter class and override its userDetailsServiceBean() method.

Before jump to the custom user configuration, I recommend walk through our Getting Started with Spring Security tutorial.

SecurityConfig.java
package org.websparrow.config;

import java.util.ArrayList;
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

	@Bean
	@Override
	public UserDetailsService userDetailsServiceBean() throws Exception {

		// add users in List
		List<UserDetails> users = new ArrayList<UserDetails>();
		
		users.add(User.withDefaultPasswordEncoder()
				.username("websparrow")
				.password("web123").roles("USER").build());

		return new InMemoryUserDetailsManager(users);
	}
}

@Configuration annotation indicates that a class declares one or more methods and may be processed by the Spring container to generate bean definitions and service requests for those beans at runtime.

@EnableWebSecurity annotation enables the Spring Web Security functionality for the application.

UserDetailsService and UserDetails both are core interface which loads user-specific data provided by Spring Security itself.

User is a model class that retrieved user information by UserDetailsService interface. It also provided by Spring Security itself.

You can add multiple users with the same or different roles also:

users.add(User.withDefaultPasswordEncoder()
		.username("sandeep")
		.password("sandeep123").roles("USER").build());

users.add(User.withDefaultPasswordEncoder()
		.username("prince")
		.password("priya").roles("ADMIN").build());

users.add(User.withDefaultPasswordEncoder()
		.username("mukul")
		.password("vipul").roles("USER").build());

You can also change the default username and password by adding the following code in your spring security configuration file.

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
	auth
		.inMemoryAuthentication()
			.withUser("websparrow").password("{noop}web1234").roles("USER");
}

Note: {noop} is not the part of password, it is just expression used for NoOpPasswordEncoder which store the password in plain text which is not a good practice. If you failed to add any password encoder technique, you may probably face the below exception:

java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null"

2. Change using application.properties

You can also change the Spring Security default username and password using application.properties file.

# Your desired user name
spring.security.user.name=web

# password
spring.security.user.password=sparrow

# A comma separated list of roles
spring.security.user.roles=USER

References

  1. Securing a Web Application
  2. Class WebSecurityConfigurerAdapter
  3. Password Storage Updated

Similar Posts

About the Author

Websparrow
I like sharing my experiments and ideas with everyone by writing articles on the latest technological trends.