How to add a new User with Spring Security without restart spring boot

After finishing startup spring boot, Spring Security’s configuration can not update . how to add new user or update user password or user role without restart spring boot? Because the page was redirected to the /login?error page, when I use new password to login.

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    MemberMapper memberMapper;

    Logger logger = Logger.getLogger(this.getClass());

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.csrf().disable();
        http.addFilterBefore(new loginFilter(), AnonymousAuthenticationFilter.class).
                authorizeRequests().antMatchers("/","/register/**","/log/**").permitAll();



        http.formLogin().loginPage("/log/toLogin") 
                        .loginProcessingUrl("/log/login") 
                        .usernameParameter("memacc")
                        .passwordParameter("mempwd")
                        .failureHandler(new AppsAuthenticationFailureHandler());;





        http.logout().logoutSuccessUrl("/");


    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        List<Members> allMembers = memberMapper.getAllMembers();

        for (Members members : allMembers){
            String[] roleList = members.getRoleList().split(",");
            auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser(members.getMemacc()).password(new BCryptPasswordEncoder().encode(members.getMempwd())).roles(roleList);
        }

    }
}

Answer

thanks all, I found the solution.

@EnableWebSecurity

public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
MyUserDetailsService myUserDetailsService;

Logger logger = Logger.getLogger(this.getClass());

@Override
protected void configure(HttpSecurity http) throws Exception {
 
    http.csrf().disable();
    
    http.addFilterBefore(new loginFilter(), AnonymousAuthenticationFilter.class).
            authorizeRequests().antMatchers("/","/register/**","/log/**").permitAll();

    
    http.formLogin().loginPage("/log/toLogin")
                    .loginProcessingUrl("/log/login") 
                    .usernameParameter("memacc")
                    .passwordParameter("mempwd");
    http.logout().logoutSuccessUrl("/");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(myUserDetailsService);
}

} …

use the class implement UserDetailsService inteface. when user log in then authentate that user.

… @Service public class MyUserDetailsService implements UserDetailsService {

@Autowired
MemberMapper memberMapper;

@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

    Members member = memberMapper.getOneMemberByMemacc(username);
    if(member == null)
        throw new UsernameNotFoundException(username + " not found");
    UserDetails userDetails = User.builder()
            .username(member.getMemacc())
            .password("{noop}" + member.getMempwd())
            .roles(member.getRoleList()).build();
    return userDetails;
}

} …

Leave a Reply

Your email address will not be published. Required fields are marked *