用 Tomcat 启动 Spring Boot 时用户名和密码是什么？

小开

最佳答案

我认为您的类路径上有 Spring Security，然后 Spring Security 会自动配置为默认用户和生成的密码

请在 pom.xml 文件中查看以下内容:

<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>

如果您在您的 pom 中有这个，那么您应该有一个如下的日志控制台消息:

Using default security password: ce6c3d39-8f20-4a41-8e01-803166bb99b6

在浏览器提示符中，您将导入用户 user和在控制台中打印的密码。

或者，如果您想配置 Spring 安全性，可以查看 Spring Boot 安全示例

在保安部分的 Spring Boot 参考文件中对此进行了解释，它指出:

The default AuthenticationManager has a single user (‘user’ username and random password, printed at `INFO` level when the application starts up)


Using default security password: 78fa095d-3f4c-48b1-ad50-e24c31d5cf35

小开

如果在类路径中添加了 spring-security jar，并且如果是 spring-boot应用程序，那么所有的 http 端点都将由默认的安全配置类 SecurityAutoConfiguration保护

这会导致浏览器弹出窗口询问凭据。

每个应用程序重新启动时的密码更改都可以在控制台中找到。

Using default security password: 78fa095d-3f4c-48b1-ad50-e24c31d5cf35

要在默认值之前添加自己的应用程序安全层,

@EnableWebSecurity
public class SecurityConfig {


@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}

或者如果您只是想更改密码，您可以覆盖默认值,

Xml

Password = new _ password

或者

应用性能

spring.security.user.name=<>
spring.security.user.password=<>

小开

您还可以要求用户提供凭据，并在服务器启动后动态设置凭据(在需要在客户环境中发布解决方案时非常有效) :

@EnableWebSecurity
public class SecurityConfig {


private static final Logger log = LogManager.getLogger();


@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
log.info("Setting in-memory security using the user input...");


Scanner scanner = new Scanner(System.in);
String inputUser = null;
String inputPassword = null;
System.out.println("\nPlease set the admin credentials for this web application");
while (true) {
System.out.print("user: ");
inputUser = scanner.nextLine();
System.out.print("password: ");
inputPassword = scanner.nextLine();
System.out.print("confirm password: ");
String inputPasswordConfirm = scanner.nextLine();


if (inputUser.isEmpty()) {
System.out.println("Error: user must be set - please try again");
} else if (inputPassword.isEmpty()) {
System.out.println("Error: password must be set - please try again");
} else if (!inputPassword.equals(inputPasswordConfirm)) {
System.out.println("Error: password and password confirm do not match - please try again");
} else {
log.info("Setting the in-memory security using the provided credentials...");
break;
}
System.out.println("");
}
scanner.close();


if (inputUser != null && inputPassword != null) {
auth.inMemoryAuthentication()
.withUser(inputUser)
.password(inputPassword)
.roles("USER");
}
}
}

(2018年5月)更新-这将工作在 Springboot2.x:

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {


private static final Logger log = LogManager.getLogger();


@Override
protected void configure(HttpSecurity http) throws Exception {
// Note:
// Use this to enable the tomcat basic authentication (tomcat popup rather than spring login page)
// Note that the CSRf token is disabled for all requests
log.info("Disabling CSRF, enabling basic authentication...");
http
.authorizeRequests()
.antMatchers("/**").authenticated() // These urls are allowed by any authenticated user
.and()
.httpBasic();
http.csrf().disable();
}


@Bean
public UserDetailsService userDetailsService() {
log.info("Setting in-memory security using the user input...");


String username = null;
String password = null;


System.out.println("\nPlease set the admin credentials for this web application (will be required when browsing to the web application)");
Console console = System.console();


// Read the credentials from the user console:
// Note:
// Console supports password masking, but is not supported in IDEs such as eclipse;
// thus if in IDE (where console == null) use scanner instead:
if (console == null) {
// Use scanner:
Scanner scanner = new Scanner(System.in);
while (true) {
System.out.print("Username: ");
username = scanner.nextLine();
System.out.print("Password: ");
password = scanner.nextLine();
System.out.print("Confirm Password: ");
String inputPasswordConfirm = scanner.nextLine();


if (username.isEmpty()) {
System.out.println("Error: user must be set - please try again");
} else if (password.isEmpty()) {
System.out.println("Error: password must be set - please try again");
} else if (!password.equals(inputPasswordConfirm)) {
System.out.println("Error: password and password confirm do not match - please try again");
} else {
log.info("Setting the in-memory security using the provided credentials...");
break;
}
System.out.println("");
}
scanner.close();
} else {
// Use Console
while (true) {
username = console.readLine("Username: ");
char[] passwordChars = console.readPassword("Password: ");
password = String.valueOf(passwordChars);
char[] passwordConfirmChars = console.readPassword("Confirm Password: ");
String passwordConfirm = String.valueOf(passwordConfirmChars);


if (username.isEmpty()) {
System.out.println("Error: Username must be set - please try again");
} else if (password.isEmpty()) {
System.out.println("Error: Password must be set - please try again");
} else if (!password.equals(passwordConfirm)) {
System.out.println("Error: Password and Password Confirm do not match - please try again");
} else {
log.info("Setting the in-memory security using the provided credentials...");
break;
}
System.out.println("");
}
}


// Set the inMemoryAuthentication object with the given credentials:
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
if (username != null && password != null) {
String encodedPassword = passwordEncoder().encode(password);
manager.createUser(User.withUsername(username).password(encodedPassword).roles("USER").build());
}
return manager;
}


@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}

小开

如果无法根据其他指向默认密码的答案找到密码，则最新版本的日志消息措辞将更改为

Using generated security password: <some UUID>

小开

除了接受的答案-

如果日志中没有显示密码，则启用“ org.springframework.boot.autoconfigure.security”日志。

如果对日志配置进行微调，请确保将 org.springframework.boot.autoconfigure.security 类别设置为 log INFO 消息，否则将不打印默认密码。

Https://docs.spring.io/spring-boot/docs/1.4.0.release/reference/htmlsingle/#boot-features-security

小开

重写的时候

spring.security.user.name=
spring.security.user.password=

在 应用性能中，在 "username"周围不需要 "，只需要使用 username。另一点是，不要存储 原始密码，而是用 密码/密码加密它，并像下面这样存储它

spring.security.user.password={bcrypt}encryptedPassword

小开

当我开始学习 Spring Security 时，我重写了下面的代码片段中的方法 UserDetailsService ():

@Configuration
@EnableWebSecurity
public class ApplicationSecurityConfiguration extends WebSecurityConfigurerAdapter{


@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/", "/index").permitAll()
.anyRequest().authenticated()
.and()
.httpBasic();
}


@Override
@Bean
public UserDetailsService userDetailsService() {
List<UserDetails> users= new ArrayList<UserDetails>();
users.add(User.withDefaultPasswordEncoder().username("admin").password("nimda").roles("USER","ADMIN").build());
users.add(User.withDefaultPasswordEncoder().username("Spring").password("Security").roles("USER").build());
return new InMemoryUserDetailsManager(users);
}
}

因此，我们可以使用上述信用卡登录到应用程序

注意: 这个我们不应该在生产中使用。

小开

尝试从项目下面的代码片段中获取用户名和密码并登录，希望这能起作用。

@Override
@Bean
public UserDetailsService userDetailsService() {
List<UserDetails> users= new ArrayList<UserDetails>();
users.add(User.withDefaultPasswordEncoder().username("admin").password("admin").roles("USER","ADMIN").build());
users.add(User.withDefaultPasswordEncoder().username("spring").password("spring").roles("USER").build());
return new UserDetailsManager(users);
}

小开

首先，只需将以下内容添加到 application.properties 文件中

spring.security.user.name=user
spring.security.user.password=pass

注意: 没有双引号

运行应用程序并输入凭据(用户，传递)

小开

在 Spring Security 版本5.7.1中，默认用户名是 user，密码是随机生成的，并显示在控制台中(例如 8e557245-73e2-4286-969a-ff57fe326336)。

详情请参阅文件:

Https://docs.spring.io/spring-security/reference/servlet/getting-started.html