Announcement Announcement Module
No announcement yet.
Spring Security Default User Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security Default User

    Hi Rooples

    Can anyone tell me where I can find the default user id "admin" password "admin" in Roo when "security setup" is run?

    In applicationContext-security.xml, I switched the authentication provider to "jdbc-user-service" but the login.jspx page still automatically populates the user id and password.

    What am I missing?

    Gordon Dickens

  • #2
    As you mentioned the file to look is applicationContext-security.xml

    You can see to get some ideaon how to use UserDetailsService


    • #3
      As I mentioned in my post, I switched the default in applicationContext-security.xml already.

      I looked at that example, previously. There has to be a reference to it somewhere else in Roo.


      • #4

        By default the Spring Security addon simply sets up a static user in applicationContext-security.xml:

           <user name="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" authorities="ROLE_ADMIN"/>
        ***<user name="user" password="04f8996da763b7a969b1028ee3007569eaf3a635486ddab211d512c85b9df8fb" authorities="ROLE_USER"/>
        This is of course just a token to get you started and as you mentioned you would replace that with a JDBC, LDAP, CAS, etc backend. So if you remove that user-service from your config above, you have deleted the admin user.

        If your browser still shows these details after the container restart that is probably due to the fact that it has automatically stored your form fields. You can simply clear these form completions and all should be fine.



        • #5
          Yes, as I said in the previous posts... I removed that.

          so, here is what I put in its place:

          <authentication-manager alias="authenticationManager">
          <password-encoder hash="sha-256" />
          <jdbc-user-service data-source-ref="dataSource"
          users-by-username-query="SELECT username, password, enabled FROM security_users WHERE username = ?"
          authorities-by-username-query="SELECT u.username, a.authority FROM security_users u, security_roles a, security_role_user ua WHERE = AND u.username = ?" />

          Is there a default hardcoded somewhere in Roo or Spring Security (that I could scan source code for)?


          • #6
            No, there is nothing hard coded other than what I explained above. Have you deleted your browsers from auto fill feature?



            • #7
              D'oh! Sometimes its the simple things that get you. I tried it with Safari and it worked fine. It must be the form cache.

              Thanks for clearing up what should have been the obvious.