- Hands-On Spring Security 5 for Reactive Applications
- Tomcy John
- 147字
- 2021-07-23 18:59:23
In-memory user storage
As mentioned earlier, for various testing purposes, it's better to store the user credentials and then authenticate in memory than to use a proper database, such as MySQL. For this, just change the Spring Security configuration file (SpringSecurityConfig.java) by adding the following method:
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("admin")
.password("{noop}admin@password")
//{noop} makes sure that the password encoder doesn't do anything
.roles("ADMIN") // Role of the user
.and()
.withUser("user")
.password("{noop}user@password")
.credentialsExpired(true)
.accountExpired(true)
.accountLocked(true)
.roles("USER");
}
It's important to note that the password has a prefix, {noop}, attached to it. This ensures that when the password is validated, no encoding is carried out. This is one way to avoid having password encoding errors when you run the project.
The full source code, as a fully fledged project, can be found on this book's GitHub page in the jetty-in-memory-basic-authentication project.
推薦閱讀
- 計算機(jī)網(wǎng)絡(luò)安全技術(shù)(第6版·慕課版)
- 計算機(jī)使用安全與防護(hù)
- 數(shù)字安全藍(lán)皮書:本質(zhì)屬性與重要特征
- 諸神之眼:Nmap網(wǎng)絡(luò)安全審計技術(shù)揭秘
- 模糊測試:強(qiáng)制發(fā)掘安全漏洞的利器
- 軟件安全保障體系架構(gòu)
- 學(xué)電腦安全與病毒防范
- 空間群組密鑰管理研究:基于自主的深空DTN密鑰管理
- CTF特訓(xùn)營:技術(shù)詳解、解題方法與競賽技巧
- 網(wǎng)絡(luò)安全大數(shù)據(jù)分析與實戰(zhàn)
- INSTANT Apple Configurator How-to
- Bug Bounty Hunting Essentials
- Mastering Metasploit
- 聯(lián)邦學(xué)習(xí)原理與算法
- 黑客攻防與電腦安全從新手到高手(超值版)