如何使用默认用户名/密码初始化Spring Boot安全配置,但在第二次运行时不会崩溃? [英] How to initialize Spring Boot security config with default username/password but not crash on second run?
问题描述
遵循此处的主题指南,并添加BCrypt密码编码器基于 Baeldung的示例,我已将Spring Boot应用程序配置为使用数据库(分别设置,而不是由ORM自动生成)作为其用户详细信息的来源.我的安全配置的这一部分( 在第一次运行时,此方法有效,创建了一个名为'admin'的用户,该用户具有哈希密码和数据库中的指定角色. (这是它的价值所在的PostgreSQL数据库.)但是,如果我尝试再次运行该应用程序,它将无法启动,崩溃,因为它试图再次创建同一用户并出现重复的主键错误. 我想要的东西:我希望Spring Boot创建默认用户(如果尚不存在),如果已有的话,跳过它. 原因:必须能够登录到应用程序的新初始化副本,有时需要重新启动几次,才能在开发人员的机器上进行测试和试验.我的生产"数据库应该已经具有管理员"登录名,并且该应用程序不应覆盖该登录名,否则将无法崩溃. 因此,我的问题是:如何在Spring Boot的 或者:如果在数据库启动时我可以使用SQL PS:我的新配置破坏了一些自动化测试类,这还有另一个问题(请参阅解决方案jdbcAuthentication
配置中初始化默认用户,以确保如果用户名已经存在,Spring Boot不会崩溃?>
INSERT
默认用户使用SQL进入数据库,则不需要在Spring Boot配置中执行此操作.但是我不知道如何以与Spring Boot的哈希匹配的方式在INSERT
语句中哈希密码.
您可以将选项.withDefaultSchema()
与您正在使用的jdbcauthentication一起使用您想到的替代解决方案.如前所述,您可能必须找出在该脚本中使用哈希密码的方法.
如果您有任何后续问题,这篇baeldung博客文章将为您提供帮助.
https://www.baeldung.com/spring-security-jdbc-authentication
希望这会有所帮助.
Following the topical guide here and adding a BCrypt password encoder based on Baeldung's example here I have configured my Spring Boot application to use my database (set up separately, not auto-generated by an ORM or something) as its source of user details for authentication. This part of my security configuration (here) looks like this:
@Override
public void configure(AuthenticationManagerBuilder builder) throws Exception {
builder .jdbcAuthentication()
.dataSource(dataSource)
.withUser(User.withUsername("admin").password(passwordEncoder().encode("pass")).roles("SUPER"));
logger.debug("Configured app to use JDBC authentication with default database.");
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
On the first run, this works, creating a user called 'admin' with a hashed password and the specified role in the database. (This is a PostgreSQL database for what it's worth.) However, if I try to run the app again, it fails to start, crashing because it tried to create the same user again and got a duplicate primary key error.
What I'd like: I'd like Spring Boot to create the default user if it doesn't already exist, skip over it if one already exists.
Why: It is necessary to be able to log in to a newly initialized copy of the application, sometimes restarting several times, for testing and for experimentation on the developer's machine. My "production" database should already have an 'admin' login and the app should not overwrite it, or crash because it cannot.
My question, therefore, is: How can I initialize a default user in Spring Boot's jdbcAuthentication
configuration in such a way that Spring Boot won't crash if the username already exists?
Alternatively: If I could INSERT
a default user into the database with SQL when the database is spun up, I wouldn't need to do it in the Spring Boot configuration. But I don't know how to hash a password in an INSERT
statement in a way that matches Spring Boot's hashing.
PS: I have another issue with my new configuration breaking some automated test classes (see the other question if interested).
You can use the alternative solution that you have thought using the option .withDefaultSchema()
with the jdbcauthentication that you are using. As you have mentioned in that alternative that you may have to figure out way to use hashed password in that script.
Should you have any followup question, this baeldung blog post will help you.
https://www.baeldung.com/spring-security-jdbc-authentication
Hope this helps.
这篇关于如何使用默认用户名/密码初始化Spring Boot安全配置,但在第二次运行时不会崩溃?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!