In spring boot security, we will see about how to change default username and password in spring boot security and how to remove the generated password from the console log in spring boot security. The default user name and password for the spring boot security application must be changed due to security reasons. Here we’ll see how to change it by removing the generated security password.
This post is the follow-up to https://www.yawintutor.com/spring-boot-security-step-by-step-1/ page. Please read the step by step 1 page.
Default username and password in Spring Boot
In spring boot security, the default user name is “user”. The default password is printed in the console. The code below shows how the default password is printed in the console window.
username : user password : <generated security password> sample password is e8f5e82c-0d2c-4ace-994d-f9d5e9e6e7a0
The console log is shows as “Using generated security password: “. The actual generated password is shown as like uuid code. The default password is a hex decimal code. Each time, the spring boot application is started, the new default password is generated.
2020-02-01 19:02:34.093 INFO 68504 --- [ main] .s.s.UserDetailsServiceAutoConfiguration : Using generated security password: e8f5e82c-0d2c-4ace-994d-f9d5e9e6e7a0 2020-02-01 19:02:34.166 INFO 68504 --- [ main] o.s.s.web.DefaultSecurityFilterChain :
How to change default username and password
The spring boot application will display the login page by default if the security module is enabled. The default user name is “user” and the password is generated every time the application is restarted. The generated security password is shown in the startup log of the spring boot application console. The default password is a uuid format.
The default password for each restart is changed. It is therefore necessary to check the log of the console to log in to the application. If the log is rollover, it is not possible to log in to the application until the application is restarted.
Keeping a custom user name and password will overcome all of the above issues in the spring boot security.
The spring boot security framework supports changing the default username and password by configuring it in the application.properties.
The following configurations allow you to change the default username and password for the spring boot application.
spring.security.user.name = yawintutor spring.security.user.password = password
The security password generated in the spring boot console log will disappear if you configure the above two lines in the application.properties file. Restart the application after the configuration and log in using the username and password mentioned above.