diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.java index 862af6ec5b6..ce13fdd677a 100644 --- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.java +++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.java @@ -128,7 +128,7 @@ public class AuthenticationManagerConfiguration extends User user = AuthenticationManagerConfiguration.this.security.getUser(); if (user.isDefaultPassword()) { - logger.info("\n\nUsing default password for application endpoints: " + logger.info("\n\nUsing default security password: " + user.getPassword() + "\n\n"); } diff --git a/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc b/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc index 7aa57663f5c..d29a8ccf306 100644 --- a/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc +++ b/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc @@ -256,9 +256,9 @@ protected. By default ``basic'' authentication will be used with the username `u and a generated password (which is printed on the console when the application starts). TIP: Generated passwords are logged as the application starts. Search for ``Using default -password for application endpoints''. +security password''. -You can use Spring properties to change the username and passsword and to change the +You can use Spring properties to change the username and password and to change the security role required to access the endpoints. For example, you might set the following in your `application.properties`: @@ -453,7 +453,9 @@ on `org.crsh:crsh.shell.telnet`. === Connecting to the remote shell By default the remote shell will listen for connections on port `2000`. The default user is `user` and the default password will be randomly generated and displayed in the log -output, you should see a message like this: +output. If your application is using Spring Security, the shell will use +<> by default. If not, a simple +authentication will be applied and you should see a message like this: [indent=0] ---- diff --git a/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc b/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc index d030ba92f7c..8e51ea5522b 100644 --- a/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc +++ b/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc @@ -1089,9 +1089,16 @@ Additional information can be found in the {spring-security-reference}#jc-method Security Reference]. The default `AuthenticationManager` has a single user (``user'' username and random -password, printed at INFO level when the application starts up). You can change the -password by providing a `security.user.password`. This and other useful properties are -externalized via {sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`] +password, printed at INFO level when the application starts up) + +[indent=0] +---- + Using default security password: 78fa095d-3f4c-48b1-ad50-e24c31d5cf35 +---- + +You can change the password by providing a `security.user.password`. This and other +useful properties are externalized via +{sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`] (properties prefix "security"). The default security configuration is implemented in `SecurityAutoConfiguration` and in