Announcement Announcement Module
Collapse
No announcement yet.
Spring Security Default User Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security Default User

    Hi Rooples

    Can anyone tell me where I can find the default user id "admin" password "admin" in Roo when "security setup" is run?

    In applicationContext-security.xml, I switched the authentication provider to "jdbc-user-service" but the login.jspx page still automatically populates the user id and password.

    What am I missing?

    Thanks,
    Gordon Dickens
    twitter.com/gdickens

  • #2
    As you mentioned the file to look is applicationContext-security.xml

    You can see http://bitbucket.org/jeduan/spring-roo-password/ to get some ideaon how to use UserDetailsService

    Comment


    • #3
      As I mentioned in my post, I switched the default in applicationContext-security.xml already.

      I looked at that example, previously. There has to be a reference to it somewhere else in Roo.

      Comment


      • #4
        Gordon,

        By default the Spring Security addon simply sets up a static user in applicationContext-security.xml:

        Code:
        <user-service>
           <user name="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" authorities="ROLE_ADMIN"/>
        ***<user name="user" password="04f8996da763b7a969b1028ee3007569eaf3a635486ddab211d512c85b9df8fb" authorities="ROLE_USER"/>
        </user-service>
        This is of course just a token to get you started and as you mentioned you would replace that with a JDBC, LDAP, CAS, etc backend. So if you remove that user-service from your config above, you have deleted the admin user.

        If your browser still shows these details after the container restart that is probably due to the fact that it has automatically stored your form fields. You can simply clear these form completions and all should be fine.

        -Stefan
        ******

        Comment


        • #5
          Yes, as I said in the previous posts... I removed that.

          so, here is what I put in its place:

          <authentication-manager alias="authenticationManager">
          <authentication-provider>
          <password-encoder hash="sha-256" />
          <jdbc-user-service data-source-ref="dataSource"
          users-by-username-query="SELECT username, password, enabled FROM security_users WHERE username = ?"
          authorities-by-username-query="SELECT u.username, a.authority FROM security_users u, security_roles a, security_role_user ua WHERE u.id = ua.users.id AND u.username = ?" />
          </authentication-provider>
          </authentication-manager>

          Is there a default hardcoded somewhere in Roo or Spring Security (that I could scan source code for)?

          Comment


          • #6
            No, there is nothing hard coded other than what I explained above. Have you deleted your browsers from auto fill feature?

            -Stefan

            Comment


            • #7
              D'oh! Sometimes its the simple things that get you. I tried it with Safari and it worked fine. It must be the form cache.

              Thanks for clearing up what should have been the obvious.

              G

              Comment

              Working...
              X