Improve remote shell security documentation

Previous to this commit, the remote shell security configuration described that a default password will be generated with no extra configuration. Actually, when Spring Security is configured for the application, the remote shell reuses that configuration by default. It turns out that the default log message is confusing as it was referring to "application endpoints". Updated that log to a more generic log message and updated doc accordingly. Fixes gh-779
11 years ago · a330cb9b8a
parent 0f738be114
commit a330cb9b8a
3 changed files with 16 additions and 7 deletions
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.java
@ -128,7 +128,7 @@ public class AuthenticationManagerConfiguration extends

 			User user = AuthenticationManagerConfiguration.this.security.getUser();
 			if (user.isDefaultPassword()) {
-				logger.info("\n\nUsing default password for application endpoints: "
+				logger.info("\n\nUsing default security password: "
 						+ user.getPassword() + "\n\n");
 			}

--- a/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc
+++ b/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc
@ -256,9 +256,9 @@ protected. By default ``basic'' authentication will be used with the username `u
 and a generated password (which is printed on the console when the application starts).

 TIP: Generated passwords are logged as the application starts. Search for ``Using default
-password for application endpoints''.
+security password''.

-You can use Spring properties to change the username and passsword and to change the
+You can use Spring properties to change the username and password and to change the
 security role required to access the endpoints. For example, you might set the following
 in your `application.properties`:

@ -453,7 +453,9 @@ on `org.crsh:crsh.shell.telnet`.
 === Connecting to the remote shell
 By default the remote shell will listen for connections on port `2000`. The default user
 is `user` and the default password will be randomly generated and displayed in the log
-output, you should see a message like this:
+output. If your application is using Spring Security, the shell will use
+<<boot-features-security, the same configuration>> by default. If not, a simple
+authentication will be applied and you should see a message like this:

 [indent=0]
 ----
--- a/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc
+++ b/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc
@ -1089,9 +1089,16 @@ Additional information can be found in the {spring-security-reference}#jc-method
 Security Reference].

 The default `AuthenticationManager` has a single user (``user'' username and random
-password, printed at INFO level when the application starts up). You can change the
-password by providing a `security.user.password`. This and other useful properties are
-externalized via {sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`]
+password, printed at INFO level when the application starts up)
+
+[indent=0]
+----
+	Using default security password: 78fa095d-3f4c-48b1-ad50-e24c31d5cf35
+----
+
+You can change the password by providing a `security.user.password`. This and other
+useful properties are externalized via
+{sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`]
 (properties prefix "security").

 The default security configuration is implemented in `SecurityAutoConfiguration` and in