0

I am trying to create a Spring Boot REST application. When I deploy my application, it authentication is required and it is asking me for user name and password. How can I bypass this or how can I add a user name and password for authentication?

Do I need to remove security entry in pom?

<dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-security</artifactId>
</dependency>
dur
17.3k26 gold badges93 silver badges146 bronze badges
asked Dec 31, 2016 at 3:28

4 Answers 4

1

If you don't want to use authentication at all, you should remove the dependency:

<dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-security</artifactId>
</dependency>

See Spring Boot Reference Guide:

If Spring Security is on the classpath then web applications will be secure by default with ‘basic’ authentication on all HTTP endpoints.

answered Dec 31, 2016 at 10:35
Sign up to request clarification or add additional context in comments.

Comments

0

No need of removing security from pom.xml. In your project, you can try something like below. Try to create SecurityConfig which will extend WebSecurityConfigurerAdapter and provide some user name and password and later you can customize it.

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
 @Override
 protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 auth
 .inMemoryAuthentication()
 .withUser("user")
 .password("user")
 .roles("USER")
 .and()
 .withUser("user2")
 .password("secret2")
 .roles("USER");
 }
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 http
 .authorizeRequests()
 .anyRequest().fullyAuthenticated();
 http
 .httpBasic();
 http
 .csrf().disable();
 }
}

public @interface EnableWebMvcSecurity {
}
dur
17.3k26 gold badges93 silver badges146 bronze badges
answered Dec 31, 2016 at 3:33

Comments

0

Apart from other two answers - default username is 'user' and password will be printed in the console each time you start your server like below - 

2019年08月31日 23:58:16.417 INFO 12528 --- [ restartedMain] .s.s.UserDetailsServiceAutoConfiguration : 
Using generated security password: 1ab46edf-332a-42de-ae11-70dc138c65db

Simply use these credentials to login.

Note - If you fine-tune your logging configuration, ensure that the org.springframework.boot.autoconfigure.security category is set to log INFO-level messages. Otherwise, the default password is not printed.

answered Aug 31, 2019 at 18:42

Comments

0

if you wish to configure a username/password of your choice then you can do so in application.properties file.

spring.security.user.name=username

spring.security.user.password=password

Now spring security will not generate a new password each time you boot the application.

Note: When using postman to send requests, go to authorization> select "basic auth"> Enter the username and password so authentication details can be sent along with each request. If using browser, there should be a login page.

answered Jan 25, 2023 at 15:52

Comments

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.