Spring Security - InmemoryUserDetailsManager

This blog post talks about InmemoryUserDetailsManager

By default if you enable spring-security in your spring boot application it will come with Basic Authentication by default

Adding spring-boot-starter-security in your build.gradle file enables spring security

dependencies {
implementation 'org.springframework.boot:spring-boot-starter'
implementation 'org.springframework.boot:spring-boot-starter-security'
}

Basic Authentication credentials in the log files after you start the application


 .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::       (v2.1.13.RELEASE)
2020-04-15 09:26:16.340  INFO 5152 --- [           main] .s.s.UserDetailsServiceAutoConfiguration : 

 Using generated security password: 4fc1d55e-2b2e-4f23-8cc5-dd2fbc561b7e

 2020-04-15 09:26:16.498  INFO 5152 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@16aa5f2, org.springframework.security.web.context.SecurityContextPersistenceFilter@ee3e2b, org.springframework.security.web.header.HeaderWriterFilter@14ed053, org.springframework.security.web.csrf.CsrfFilter@1a69a35, org.springframework.security.web.authentication.logout.LogoutFilter@659ac, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@11a709b, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@34831b, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@11d3c8, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@dc4c6, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@1532566, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@748168, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@116b68b, org.springframework.security.web.session.SessionManagementFilter@6bc9a4, org.springframework.security.web.access.ExceptionTranslationFilter@a4a74d, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4ccf8]
2020-04-15 09:26:16.591  INFO 5152 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 2120 (http) with context path ''

Spring security's simplest user details concrete class called InMemoryUserDetailsManager.
Here we can provide a list of users in its constructor and spring security will authenticate only the users that are listed here. Then Spring security will take up this UserDetailsService than the default one if specified.


import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

 @SpringBootApplication
public class ReportBuilderApplication {

    public static void main(String[] args) {
      SpringApplication.run(ReportBuilderApplication.class, args);   }

    @Bean   UserDetailsService userDetailsService() {
      return new InMemoryUserDetailsManager(User.withDefaultPasswordEncoder().
           username("admin").
           password("admin").
           roles("USER").build());   }
}

Hope this helps :)





-
Location: Missouri City, TX, USA

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

 Python Basics How to check the version of Python interpreter mac terminal

Popular in last 30 days