GitHub-Spring
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge branch '2.7.x'

pull/30074/head
Andy Wilkinson 4 years ago
parent
68a2f557c7 f44e7d9391
commit
c755e0d1f8
2 changed files with 9 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfiguration.java
  2. 6
      spring-boot-project/spring-boot-docs/src/docs/asciidoc/web/spring-security.adoc

6
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfiguration.java
Unescape View File

@ -85,7 +85,11 @@ public class UserDetailsServiceAutoConfiguration { @@ -85,7 +85,11 @@ public class UserDetailsServiceAutoConfiguration {
private String getOrDeducePassword(SecurityProperties.User user, PasswordEncoder encoder) {
String password = user.getPassword();
if (user.isPasswordGenerated()) {
logger.info(String.format("%n%nUsing generated security password: %s%n", user.getPassword()));
logger.warn(String.format(
"%n%nUsing generated security password: %s%n%nThis generated password is for development use only. "
+ "Your security configuration must be updated before running your application in "
+ "production.%n",
user.getPassword()));
}
if (encoder != null || PASSWORD_ALGORITHM_PATTERN.matcher(password).matches()) {
return password;

6
spring-boot-project/spring-boot-docs/src/docs/asciidoc/web/spring-security.adoc
Unescape View File

@ -6,14 +6,16 @@ To add method-level security to a web application, you can also add `@EnableGlob @@ -6,14 +6,16 @@ To add method-level security to a web application, you can also add `@EnableGlob
Additional information can be found in the {spring-security-docs}/servlet/authorization/method-security.html[Spring Security Reference Guide].
The default `UserDetailsService` has a single user.
The user name is `user`, and the password is random and is printed at INFO level when the application starts, as shown in the following example:
The user name is `user`, and the password is random and is printed at WARN level when the application starts, as shown in the following example:
[indent=0]
----
Using generated security password: 78fa095d-3f4c-48b1-ad50-e24c31d5cf35
This generated password is for development use only. Your security configuration must be updated before running your application in production.
----
NOTE: If you fine-tune your logging configuration, ensure that the `org.springframework.boot.autoconfigure.security` category is set to log `INFO`-level messages.
NOTE: If you fine-tune your logging configuration, ensure that the `org.springframework.boot.autoconfigure.security` category is set to log `WARN`-level messages.
Otherwise, the default password is not printed.
You can change the username and password by providing a `spring.security.user.name` and `spring.security.user.password`.

Write Preview
Loading…
Cancel
Save