Thread: Spring Security Default User

  1. #1
    Join Date
    Dec 2009
    Location
    West Chester, Pennsylvania USA
    Posts
    36

    Spring Security Default User

    Hi Rooples

    Can anyone tell me where I can find the default user id "admin" password "admin" in Roo when "security setup" is run?

    In applicationContext-security.xml, I switched the authentication provider to "jdbc-user-service" but the login.jspx page still automatically populates the user id and password.

    What am I missing?

    Thanks,
    Gordon Dickens
    twitter.com/gdickens
    Regards,
    Gordon Dickens

    gordon@gordondickens.com
    twitter.com/gdickens
    linkedin.com/in/gordondickens
    Blog: technophile.gordondickens.com

  2. #2
    Join Date
    Dec 2007
    Location
    Stockholm, Sweden
    Posts
    190

    As you mentioned, the file to look at is applicationContext-security.xml.

    You can see http://bitbucket.org/jeduan/spring-roo-password/ to get some idea on how to use UserDetailsService.
    Shahzada Hatim
    @geoaxis/twitter
    http://hatimonline.com

  3. #3
    Join Date
    Dec 2009
    Location
    West Chester, Pennsylvania USA
    Posts
    36

    As I mentioned in my post, I switched the default in applicationContext-security.xml already.

    I looked at that example, previously. There has to be a reference to it somewhere else in Roo.
    Regards,
    Gordon Dickens

    gordon@gordondickens.com
    twitter.com/gdickens
    linkedin.com/in/gordondickens
    Blog: technophile.gordondickens.com

  4. #4
    Join Date
    Mar 2008
    Location
    Sydney, AU
    Posts
    974

    Gordon,

    By default the Spring Security addon simply sets up a static user in applicationContext-security.xml:

    Code:
    <user-service>
       <user name="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" authorities="ROLE_ADMIN"/>
       <user name="user" password="04f8996da763b7a969b1028ee3007569eaf3a635486ddab211d512c85b9df8fb" authorities="ROLE_USER"/>
    </user-service>

    This is of course just a token to get you started and, as you mentioned, you would replace that with a JDBC, LDAP, CAS, etc. backend. So if you remove that user-service from your config above, you have deleted the admin user.

    If your browser still shows these details after the container restart that is probably due to the fact that it has automatically stored your form fields. You can simply clear these form completions and all should be fine.

    -Stefan
    Stefan Schmidt
    Software Engineer, Spring Roo
    SpringSource - a division of VMware
    twitter @schmidtstefan
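
Added example (not part of the thread, and not Roo or Spring Security code): a check that can be run over applicationContext-security.xml to flag static user entries like the ones shown in the post above, where the stored password is a guessable value or its unsalted SHA-256 hex digest. The function name, the candidate password list and the "ops" entry are assumptions made for the illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

# Assumed short list of guessable passwords; extend it for your environment.
COMMON_PASSWORDS = ("admin", "user", "password", "changeme")

# Constructed sample: the <user-service> from the post above inside a minimal
# security-namespace config, plus a constructed "ops" user with a non-default hash.
SAMPLE_CONFIG = """\
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans">
  <authentication-manager alias="authenticationManager">
    <authentication-provider>
      <password-encoder hash="sha-256"/>
      <user-service>
        <user name="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" authorities="ROLE_ADMIN"/>
        <user name="user" password="04f8996da763b7a969b1028ee3007569eaf3a635486ddab211d512c85b9df8fb" authorities="ROLE_USER"/>
        <user name="ops" password="OPS_HASH" authorities="ROLE_USER"/>
      </user-service>
    </authentication-provider>
  </authentication-manager>
</beans:beans>
""".replace("OPS_HASH", hashlib.sha256(b"constructed-sample-passphrase").hexdigest())


def find_default_users(xml_text, candidates=COMMON_PASSWORDS):
    """Return (name, guessed_password, authorities) for every static <user>
    whose stored value is a guessable password or its unsalted SHA-256 hex."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        # Elements are namespace-qualified ("{uri}user"), so compare local names.
        if el.tag.rsplit("}", 1)[-1] != "user":
            continue
        name, stored = el.get("name", ""), el.get("password", "")
        # Try the username itself first, then the common list (order kept, no repeats).
        for guess in dict.fromkeys((name, *candidates)):
            digest = hashlib.sha256(guess.encode("utf-8")).hexdigest()
            if guess and (stored == guess or stored.lower() == digest):
                findings.append((name, guess, el.get("authorities", "")))
                break
    return findings


if __name__ == "__main__":
    for name, guess, roles in find_default_users(SAMPLE_CONFIG):
        print(f"static user {name!r} ({roles}) uses guessable password {guess!r}")
```

An empty result for a deployed config means no static user matched the candidate list; it says nothing about accounts held in a JDBC or LDAP backend.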

  5. #5
    Join Date
    Dec 2009
    Location
    West Chester, Pennsylvania USA
    Posts
    36

    Yes, as I said in the previous posts... I removed that.

    So, here is what I put in its place:

    <authentication-manager alias="authenticationManager">
       <authentication-provider>
          <password-encoder hash="sha-256" />
          <jdbc-user-service data-source-ref="dataSource"
             users-by-username-query="SELECT username, password, enabled FROM security_users WHERE username = ?"
             authorities-by-username-query="SELECT u.username, a.authority FROM security_users u, security_roles a, security_role_user ua WHERE u.id = ua.users.id AND u.username = ?" />
       </authentication-provider>
    </authentication-manager>

    Is there a default hardcoded somewhere in Roo or Spring Security (that I could scan source code for)?
    Regards,
    Gordon Dickens

    gordon@gordondickens.com
    twitter.com/gdickens
    linkedin.com/in/gordondickens
    Blog: technophile.gordondickens.com

  6. #6
    Join Date
    Mar 2008
    Location
    Sydney, AU
    Posts
    974

    No, there is nothing hard coded other than what I explained above. Have you deleted your browser's form auto-fill data?

    -Stefan
    Stefan Schmidt
    Software Engineer, Spring Roo
    SpringSource - a division of VMware
    twitter @schmidtstefan

  7. #7
    Join Date
    Dec 2009
    Location
    West Chester, Pennsylvania USA
    Posts
    36

    D'oh! Sometimes it's the simple things that get you. I tried it with Safari and it worked fine. It must be the form cache.

    Thanks for clearing up what should have been the obvious.

    G
    Regards,
    Gordon Dickens

    gordon@gordondickens.com
    twitter.com/gdickens
    linkedin.com/in/gordondickens
    Blog: technophile.gordondickens.com
