- Hands-On Spring Security 5 for Reactive Applications
- Tomcy John
- 147字
- 2021-07-23 18:59:23
In-memory user storage
As mentioned earlier, for various testing purposes, it's better to store the user credentials and then authenticate in memory than to use a proper database, such as MySQL. For this, just change the Spring Security configuration file (SpringSecurityConfig.java) by adding the following method:
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("admin")
.password("{noop}admin@password")
//{noop} makes sure that the password encoder doesn't do anything
.roles("ADMIN") // Role of the user
.and()
.withUser("user")
.password("{noop}user@password")
.credentialsExpired(true)
.accountExpired(true)
.accountLocked(true)
.roles("USER");
}
It's important to note that the password has a prefix, {noop}, attached to it. This ensures that when the password is validated, no encoding is carried out. This is one way to avoid having password encoding errors when you run the project.
The full source code, as a fully fledged project, can be found on this book's GitHub page in the jetty-in-memory-basic-authentication project.
推薦閱讀