Spring Security: How to change default user and password?

Question

I have Spring Security in my pom.xml, and Spring Security is automatically configured with a default user and generated password:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

How do I change the default user and password?

suppose this [post](https://stackoverflow.com/questions/37285016/what-is-username-and-password-when-starting-spring-boot-with-tomcat) may be helpful and have a solution for what you are expecting. — Rajith Pemabandu, Aug 07 '17 at 23:25
Possible duplicate of [What is username and password when starting Spring Boot with Tomcat?](https://stackoverflow.com/questions/37285016/what-is-username-and-password-when-starting-spring-boot-with-tomcat) — Graham, Aug 08 '17 at 00:41

score 20 · Answer 1 · edited Jul 30 '23 at 00:07

20

This can be easly done in your application.properties file:

spring.security.user.name=user # Default user name.
spring.security.user.password= # Password
spring.security.user.roles=    # A comma separated list of roles

Covered at the Common Application Properties - Security Properties documentation.

edited Jul 30 '23 at 00:07

Manuel Jordan

15,253
21
95
158

answered Aug 07 '17 at 23:42

Juan Carlos Mendoza

5,736
7
25
50

2

This is not working when using `Spring Boot 2.2.2.RELEASE` and Security dependency, we need to implement `configure(...)` and extend `WebSecurityConfigurerAdapter` – PAA Jan 04 '20 at 16:11

Brian · Answer 2 · 2017-08-07T23:27:00.337

This is straight from the docs:

Create a configuration class:

@Configuration
@EnableWebSecurity
public class HelloWebSecurityConfiguration
   extends WebSecurityConfigurerAdapter {

  @Autowired
  public void configureGlobal(AuthenticationManagerBuilder auth) {
    auth
      .inMemoryAuthentication()
        .withUser("user").password("password").roles("USER");
  }
}

Newer Docs

This is slightly different, but the effect would be the same:

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public UserDetailsService userDetailsService() throws Exception {
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        manager.createUser(User.withUsername("user").password("password").roles("USER").build());
        return manager;
    }
}

JULY 03, 2013 old documentation :'( – ahmedmess Aug 07 '17 at 23:17 — ahmedmess, Aug 07 '17 at 23:17
I just did this with 1.5.6 successully. – Brian Aug 07 '17 at 23:27 — Brian, Aug 07 '17 at 23:27

score 6 · Answer 3 · answered Jul 31 '18 at 07:20

6

#add these lines in application.properties
    spring.security.user.name=username
    spring.security.user.password=password

answered Jul 31 '18 at 07:20

Santosh G P

61
1
2

Nazia Shaikh · Answer 4 · 2023-08-22T17:26:33.123

Ref-Spring Boot 3 + Security - Change Default Password (Set Custom Credentials)
With Spring Boot 3 and Spring Security 6, the configuration to have a custom username and password will be as follows-

@Configuration
public class SecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.formLogin();
        http.authorizeHttpRequests().anyRequest().authenticated();
        return http.build();
    }
    
    @Bean
    UserDetailsService userDetailsService() {
        InMemoryUserDetailsManager userDetailsService = new InMemoryUserDetailsManager();
        UserDetails user = User.withUsername("javainuse").password("javainuse").authorities("read").build();
        userDetailsService.createUser(user);
        return userDetailsService;
    }

}

score 0 · Answer 5 · edited Sep 27 '18 at 06:11

0

Add below properties in application.properties

spring.security.user.name= user_name
spring.security.user.password= user_password

where "user_name" will be the user and "user_password" will be the password.

edited Sep 27 '18 at 06:11

Unheilig

16,196
193
68
98

answered Sep 27 '18 at 05:50

sonal dadarya

9
1

score 0 · Answer 6 · answered Sep 11 '19 at 13:26

These will not work with old version of spring boot, I was using 1.5.11.RELEASE and these properties were not working, After moving to 2.1.8.RELEASE, these properties work fine.

check your pom.xml

<parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.8.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

spring.security.user.name=username
spring.security.user.password=password

score -1 · Answer 7 · answered Jan 04 '23 at 05:13

Set these 2 properties in your application.yml

spring.security.user.name=user_name
spring.security.user.password=user_password

Now how does this work
If you search for SecurityProperties.java inside this class you will see that these 2 properties have default value as

String user = user;
String password = UUID.randomUUID().toString();

Which are default credential for spring security So we are basically override the default by setting those properties manually

Spring Security: How to change default user and password?

7 Answers7

Linked