- Hands-On Spring Security 5 for Reactive Applications
- Tomcy John
- 147字
- 2021-07-23 18:59:23
In-memory user storage
As mentioned earlier, for various testing purposes, it's better to store the user credentials and then authenticate in memory than to use a proper database, such as MySQL. For this, just change the Spring Security configuration file (SpringSecurityConfig.java) by adding the following method:
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("admin")
.password("{noop}admin@password")
//{noop} makes sure that the password encoder doesn't do anything
.roles("ADMIN") // Role of the user
.and()
.withUser("user")
.password("{noop}user@password")
.credentialsExpired(true)
.accountExpired(true)
.accountLocked(true)
.roles("USER");
}
It's important to note that the password has a prefix, {noop}, attached to it. This ensures that when the password is validated, no encoding is carried out. This is one way to avoid having password encoding errors when you run the project.
The full source code, as a fully fledged project, can be found on this book's GitHub page in the jetty-in-memory-basic-authentication project.
推薦閱讀
- 網絡安全與管理
- Kali Linux Social Engineering
- INSTANT Burp Suite Starter
- 數據安全實踐指南
- 諸神之眼:Nmap網絡安全審計技術揭秘
- 黑客攻防與網絡安全從新手到高手(絕招篇)
- Advanced Penetration Testing for Highly:Secured Environments(Second Edition)
- Cybersecurity Threats,Malware Trends,and Strategies
- 交換機·路由器·防火墻(第2版)
- 隱私保護機器學習
- Metasploit 5.0 for Beginners
- 密碼朋克:自由與互聯網的未來
- 大數據時代的智慧城市與信息安全
- Cisco Firepower威脅防御(FTD)設備的高級排錯與配置
- INSTANT Penetration Testing:Setting Up a Test Lab How-to