
Even when I extend the WebSecurityConfigurerAdapter class and override its methods configure(HttpSecurity http) and configure(AuthenticationManagerBuilder auth) with custom users and roles, and either add or remove the @EnableWebSecurity annotation from this concrete configuration class, the default password is still generated and I cannot use HTTP basic authentication with the custom credentials I declared inside the configure() method.

I always get output like the following in the console:

    Using generated security password: a2b4b374-65d2-4d20-a965-b34c00d44de9

Turning off Spring Security by excluding SecurityAutoConfiguration.class disables security entirely, which I don't want.

pom.xml

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.5.RELEASE</version>
    </parent>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
    </dependencies>

Security Configuration


    @Configuration
    @EnableWebSecurity
    public class BookStoreSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication().withUser("admin").password("{noop}password").roles("USER");

        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.httpBasic().and().antMatcher("/**").authorizeRequests().anyRequest().hasRole("USER").and().csrf().disable();
        }
    }

App Entry Point


    @SpringBootApplication(scanBasePackages={"com.example.springbootsecurity.bookstore"})
    public class BookStoreApp {

        public static void main(String[] args) {
             SpringApplication.run(BookStoreApp.class, args);
        }
    }

I expected that from Postman I would be able to log in through basic authentication with my custom credentials: admin/password.

But I always get the default password in the console, and my declared user credentials never work and always give a 401 Unauthorized HTTP status.

Please help me with the solution!

0 Answers