書名： Hands-On Spring Security 5 for Reactive Applications
作者名： Tomcy John
本章字?jǐn)?shù)： 147字
更新時間： 2021-07-23 18:59:23

In-memory user storage

As mentioned earlier, for various testing purposes, it's better to store the user credentials and then authenticate in memory than to use a proper database, such as MySQL. For this, just change the Spring Security configuration file (SpringSecurityConfig.java) by adding the following method:

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
   auth
.inMemoryAuthentication()
           .withUser("admin")
           .password("{noop}admin@password") 
//{noop} makes sure that the password encoder doesn't do anything
           .roles("ADMIN") // Role of the user
           .and()
           .withUser("user")
           .password("{noop}user@password")
           .credentialsExpired(true)
           .accountExpired(true)
           .accountLocked(true)
           .roles("USER");
}

It's important to note that the password has a prefix, {noop}, attached to it. This ensures that when the password is validated, no encoding is carried out. This is one way to avoid having password encoding errors when you run the project.

The full source code, as a fully fledged project, can be found on this book's GitHub page in the jetty-in-memory-basic-authentication project.

官术网_书友最值得收藏!

Hands-On Spring Security 5 for Reactive Applications

In-memory user storage