How to add a user to an embedded tomcat in a spring boot application?

Question

I am trying to create a spring boot application, everything runs fine except when I have to insert the username and password when I access localhost:8080. I don't know how to add a new tomcat user to the embedded tomcat from my app.

This is my pom xml:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.mastercrafters</groupId>
    <artifactId>mastercrafters</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>

    <name>mastercrafters</name>
    <description>Demo project for Spring Boot</description>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.4.0.BUILD-SNAPSHOT</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

    <repositories>
        <repository>
            <id>spring-snapshots</id>
            <name>Spring Snapshots</name>
            <url>https://repo.spring.io/snapshot</url>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
        </repository>
        <repository>
            <id>spring-milestones</id>
            <name>Spring Milestones</name>
            <url>https://repo.spring.io/milestone</url>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
        </repository>
    </repositories>
    <pluginRepositories>
        <pluginRepository>
            <id>spring-snapshots</id>
            <name>Spring Snapshots</name>
            <url>https://repo.spring.io/snapshot</url>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
        </pluginRepository>
        <pluginRepository>
            <id>spring-milestones</id>
            <name>Spring Milestones</name>
            <url>https://repo.spring.io/milestone</url>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
        </pluginRepository>
    </pluginRepositories>

</project>

And here is the structure of my project where tomcat is visible:

How can I disable the login from application.properties if possible or what solution is for this problem ? Many thanks in advance !

Answer 1

You have Spring Security as a dependency.

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

If Spring security is on the classpath and no security config is made in your application, Spring will configure basic authentication. This is a fail safe. You can find the generated username and password in your console.

You have two options:

• If you don't want a login system, remove the spring security dependency
• If you do want security, you need to configure spring security so that spring knows what authentication mechanism is used (basic, form, oauth, etc.) and how to authenticate users.

Answer 2

您需要阅读有关默认Spring Security Filter Chain如何工作的更多信息 - 您不需要Tomcat用户（就像您想要访问Tomcat Manager应用程序一样） - 您需要允许Anonymous Auth或其他形式的Autnetication它将拒绝任何对该服务的请求。

Answer 3

You can refer below link to configure Embedded tomcat through application.properties file only. You can also use external tomcat where you can give tomcat-users.xml as before.

server.tomcat.basedir= # Tomcat base directory. If not specified a temporary directory will be used.

http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#howto-create-a-deployable-war-file

Answer 4

In spring boot 2.x , you can use the default security settings (default user and password printed to the console), or can implement your own UserDetailsService , as described in spring-boot documentation here and here ;

This is a detailed example on how to dynamically set your own user/password: stackoverflow link