root
/
spring-boot
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Merge branch '2.7.x'

Browse Source
pull/30074/head
Andy Wilkinson 3 years ago
parent 68a2f557c7 f44e7d9391
commit c755e0d1f8
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File

6
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfiguration.java
Unescape Escape View File

@ -85,7 +85,11 @@ public class UserDetailsServiceAutoConfiguration {
private String getOrDeducePassword(SecurityProperties.User user, PasswordEncoder encoder) { private String getOrDeducePassword(SecurityProperties.User user, PasswordEncoder encoder) {
String password = user.getPassword(); String password = user.getPassword();
if (user.isPasswordGenerated()) { if (user.isPasswordGenerated()) {
logger.info(String.format("%n%nUsing generated security password: %s%n", user.getPassword())); logger.warn(String.format(
"%n%nUsing generated security password: %s%n%nThis generated password is for development use only. "
+ "Your security configuration must be updated before running your application in "
+ "production.%n",
user.getPassword()));
} }
if (encoder != null || PASSWORD_ALGORITHM_PATTERN.matcher(password).matches()) { if (encoder != null || PASSWORD_ALGORITHM_PATTERN.matcher(password).matches()) {
return password; return password;

6
spring-boot-project/spring-boot-docs/src/docs/asciidoc/web/spring-security.adoc
Unescape Escape View File

@ -6,14 +6,16 @@ To add method-level security to a web application, you can also add `@EnableGlob
Additional information can be found in the {spring-security-docs}/servlet/authorization/method-security.html[Spring Security Reference Guide]. Additional information can be found in the {spring-security-docs}/servlet/authorization/method-security.html[Spring Security Reference Guide].
The default `UserDetailsService` has a single user. The default `UserDetailsService` has a single user.
The user name is `user`, and the password is random and is printed at INFO level when the application starts, as shown in the following example: The user name is `user`, and the password is random and is printed at WARN level when the application starts, as shown in the following example:
[indent=0] [indent=0]
---- ----
Using generated security password: 78fa095d-3f4c-48b1-ad50-e24c31d5cf35 Using generated security password: 78fa095d-3f4c-48b1-ad50-e24c31d5cf35
This generated password is for development use only. Your security configuration must be updated before running your application in production.
---- ----
NOTE: If you fine-tune your logging configuration, ensure that the `org.springframework.boot.autoconfigure.security` category is set to log `INFO`-level messages. NOTE: If you fine-tune your logging configuration, ensure that the `org.springframework.boot.autoconfigure.security` category is set to log `WARN`-level messages.
Otherwise, the default password is not printed. Otherwise, the default password is not printed.
You can change the username and password by providing a `spring.security.user.name` and `spring.security.user.password`. You can change the username and password by providing a `spring.security.user.name` and `spring.security.user.password`.

Write Preview
Loading…
Cancel
Save