It all started with a colleague’s project to integrate the company’s single sign-on system, but couldn’t jump to the normal login page anyway. Instead, you keep redirecting to another login page.

But the code is pretty simple. Let’s simplify it

@Controller
public class SecurityTestController {

  @GetMapping("/myLogin")
  public String login(a) {
    return "login";
  }

  @GetMapping("/")
  public String homePage(a) {
    return "homePage"; }}Copy the code

It was found that neither “/myLogin” nor “/” could bypass the login, and neither method could be accessed even if a breakpoint was set.

As he had never contacted Securtiy before, he thought it was another login system of the company and asked his colleague to enter the company domain account and password, but he failed to enter the system. Finally, a colleague found out it was Securtiy by searching “please sign in” + “spring”.

How do I log in to spring Boot? How do I close the login box?

First question, how do I log in?

We can see from the startup log that there is such a log

So, this is the password used to log in. What’s the username? This can enter UserDetailsServiceAutoConfiguration see exactly.

Then go ahead and look at securityproperties.user.

As you can see from the code, if no configuration is done, the User information for Spring Security, name is User and paasword is UUID, will be printed in the startup log.

In the login dialog box, enter “user” + the password in the log to log in.

Define the user name and password

The login name and password can be specified in the application.properties file

spring.security.user.name=admin
spring.security.user.password=admin
Copy the code
Second question, is there a way to turn off login?
Disabling Automatic Configuration

When we just introduced Spring Securtiy’s Starter, we saw that access would have input boxes. SpringBoot’s autoConfig must have configured something for us. You can turn off login by turning off Securtiy’s autoConfig.

Can be added on the startup class

@SpringBootApplication(exclude = {SecurityAutoConfiguration.class, ManagementWebSecurityAutoConfiguration.class})
Copy the code

Or add it to the application.properties file

spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoc onfigure.security.servlet.ManagementWebSecurityAutoConfiguration
Copy the code

Notice my project, in addition to SecurityAutoConfiguration be rule out, and ManagementWebSecurityAutonConfiguration exclusion, this class is introduced in the physical. If there is a use physical project, you will need to rule out ManagementWebSecurityAutonConfiguration at the same time.

Custom WebSecurityConfigureAdapter close the login box
@Component
public class MySecurtiyConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    // Configure other security-related content

    // Close the login boxhttp.formLogin().disable(); }}Copy the code

The second option is recommended because there is definitely a business need to introduce Spring-Security to customize login verification information.