002springSecurity之临时密码及默认用户名生成原理

 临时密码如何生成并且用户名为什么是user，在哪里定义？

临时密码为一个UUID串，在UserDetailsServiceAutoConfiguration类中我们可以看到：

private String getOrDeducePassword(SecurityProperties.User user, PasswordEncoder encoder) {
		//获取密码
        String password = user.getPassword();
        //isPasswordGenerated为true时打印user中的密码
		if (user.isPasswordGenerated()) {
			logger.info(String.format("%n%nUsing generated security password: %s%n", user.getPassword()));
		}
		if (encoder != null || PASSWORD_ALGORITHM_PATTERN.matcher(password).matches()) {
			return password;
		}
		return NOOP_PASSWORD_PREFIX + password;
	}

查看SecurityProperties中User类的源码：

public static class User {

		/**
		 * Default user name.默认用户名user
		 */
		private String name = "user";

		/**
		 * Password for the default user name. 默认密码为UUID
		 */
		private String password = UUID.randomUUID().toString();

		/**
		 * Granted roles for the default user name.
		 */
		private List roles = new ArrayList<>();

       //该值默认为true
		private boolean passwordGenerated = true;

		public String getName() {
			return this.name;
		}

		public void setName(String name) {
			this.name = name;
		}

		public String getPassword() {
			return this.password;
		}

		public void setPassword(String password) {
            //由于额外没有设置password
            //所以为空,即!StringUtils.hasLength(password)为true
			if (!StringUtils.hasLength(password)) {
				return;
			}
			this.passwordGenerated = false;
			this.password = password;
		}

		public List getRoles() {
			return this.roles;
		}

		public void setRoles(List roles) {
			this.roles = new ArrayList<>(roles);
		}

		public boolean isPasswordGenerated() {
           //默认返回true
			return this.passwordGenerated;
		}

	}

通过上边两段代码可以看出程序调用UserDetailsServiceAutoConfiguration类中的getOrDeducePassword方法，由于一切没有额外设置，则默认isPasswordGenerated返回值为true,密码为初始化的UUID，用户名为初始化的user