1
1
.
.
2
2
D
D
e
e
f
f
i
i
n
n
e
e
U
U
s
s
e
e
r
r
s
s
I
I
n
n
f
f
o
o
Following tutorials show different ways to Define Users.
D
D
e
e
f
f
a
a
u
u
l
l
t
t
U
U
s
s
e
e
r
r
With Default User your Application can have a single User.
This means that only one User can log into your application to access its endpoints but
● you can't define Username (it is always user)
● you can't define Password (it is auto-generated every time you start Application)
Console
Using generated security password: 506e6f00-2b11-4036-96d6-74633e94da2d
U
U
s
s
e
e
r
r
d
d
e
e
f
f
i
i
n
n
e
e
d
d
i
i
n
n
a
a
p
p
p
p
l
l
i
i
c
c
a
a
t
t
i
i
o
o
n
n
.
.
p
p
r
r
o
o
p
p
e
e
r
r
t
t
i
i
e
e
s
s
With User defined in application.properties your Application can again only have a single User.
This means that only one User can log into your application to access its endpoints but
● this time you can define Username spring.security.user.name = myuser
● this time you can define Password spring.security.user.password = mypassword
● this time you can define Role spring.security.user.roles = USER
Using this setup you are good to go with Role Based Security.
But if you want you can expand application.properties with custom Properties to specify Authorities for each Role.
This way you can implement Authority Based Security.
But it will be very limited since your Application could still only have one User at the time.
Although each time you start Application you could change its Role and therefore its related Authorities.
application.properties
spring.security.user.name = myuser
spring.security.user.password = mypassword
spring.security.user.roles = USER, LOADER
U
U
s
s
e
e
r
r
s
s
d
d
e
e
f
f
i
i
n
n
e
e
d
d
i
i
n
n
A
A
P
P
I
I
o
o
r
r
D
D
B
B
With Users defined in API or DB you can have many Users with different Username, Password and Role.
Using this setup you are good to go with Role Based Security.
Additionally for each Role you could specify related Authorities.
This way you can implement Authority Based Security.
