Spring Security Default Username, Password, Role

In this Spring Boot Security tutorial, you will learn how to enable Basic Authentication for your Spring Boot project and how to configure the default username, password and user role. You will also learn how to secure a web service request URL so that only an authenticated user with the default username, password and role can access it.

Create a Simple Spring Boot Project

I assume you already have your Spring Boot project created, but if you do not, here is a very short tutorial on how to create a simple Spring Boot project with Spring Initializr.

Add Spring Security

To add Spring Security to your Spring Boot project, open the pom.xml file and add the following dependency:

<dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-security</artifactId>
</dependency>

Once you add the above dependency to your pom.xml file, then build and run the project, you will notice that all URLs of your project are now secured and require a default username and password to access. If you attempt to access one, you will be prompted with a login form:

[Image: Spring Security Login Page]

The default username is user, and the default password is printed in the console when your Spring Boot project starts.

[Image: Spring Security Default Password]

Configure Default Username, Password and Role

To configure the default username, password and role, open the application.properties file of your Spring Boot project and add the following three properties with the values you prefer.

spring.security.user.name=sergey
spring.security.user.password=sergey
spring.security.user.roles=manager

The above properties will change the default username, password and role. Restart your Spring Boot project and try the new username and password you have set. Also, once you have set a custom password for the default user, you will notice that a default Spring Security password is no longer generated and printed in the console.

Secure Specific URLs

You can secure specific URLs of your application and make them accessible only to users with a specific role. For example, in the application.properties file above, we have configured the role of the default user to be manager. Let’s now configure access for a specific URL in our application, so that only a user with the role “manager” can access it.

In your Spring Boot project create a new Java class and:

  • Annotate it with the @EnableWebSecurity annotation,
  • Make this Java class extend WebSecurityConfigurerAdapter,
  • Override the configure(HttpSecurity http) method as in the example below.

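import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Spring Security 5.x style: WebSecurityConfigurerAdapter is deprecated as of 5.7 and removed in 6.0
@EnableWebSecurity
public class WebSecurity extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .cors().and()
            // CSRF protection is switched off in this example
            .csrf().disable()
            .authorizeRequests()
                // /users requires the authority ROLE_manager (hasRole adds the ROLE_ prefix)
                .antMatchers("/users").hasRole("manager")
                // every other URL only requires an authenticated user
                .anyRequest().authenticated()
            .and()
            // unauthenticated requests are redirected to the generated login form
            .formLogin();
    }
}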

In the code example above I am securing the /users web service endpoint of my Spring Boot application and making it accessible to users with the “manager” role only.
