[FIXED] How to refuse Apache Tomcat login page?

Issue

I need to get access to my own home page that I created with Spring Boot. I created a simple controller that returns the HTML page

@Controller
public class HomePage{
    public String home(){
        return "home";
    }
}

The home.html is located in resources/templates/.

After I execute the project and get to the localhost:8080, the following page appeared:

logs:

Using generated security password: a4752144-65d7-456c-b250-97e58d4fffcd

This generated password is for development use only. Your security configuration must be updated before running your application in production.

2022-08-29 15:19:17.389  INFO 19260 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@2adce412, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@629cf53c, org.springframework.security.web.context.SecurityContextPersistenceFilter@1fc386f8, org.springframework.security.web.header.HeaderWriterFilter@d7c4fcb, org.springframework.security.web.csrf.CsrfFilter@72d7afff, org.springframework.security.web.authentication.logout.LogoutFilter@2cd31214, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@5857d723, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@78ab63b5, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@6d84ab90, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@362fd4e9, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@3777fc44, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@79454d8e, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@3182143c, org.springframework.security.web.session.SessionManagementFilter@498503cb, org.springframework.security.web.access.ExceptionTranslationFilter@6d38a81d, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@294bb6ae] 2022-08-29 15:19:17.543  INFO 19260 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8080 (http) with context path '' 2022-08-29 15:19:17.553  INFO 19260
--- [           main] com...Application  : Started DeardiaryApplication in 8.385 seconds (JVM running for 9.464)

First of all - I can't use the provided password: neither admin nor root username does not match this password and I receive bad credentials error, I also tried admin-tomcat, both-tomcat username-password pairs as I found in the tutorials, but nothing do not match.

But the main issue is that I, of course, do not need to use any password for access to my own page. Early I developed some projects, using spring-boot, and I don't remember I faced such problems. I do not install any tomcat servers by the handle, I just include them in my project via build.gradle:

plugins {
    id 'org.springframework.boot' version '2.7.3'
    id 'io.spring.dependency-management' version '1.0.13.RELEASE'
    id 'java'
}

group = 'com.hltr'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = '11'

repositories {
    mavenCentral()
}

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5'
    implementation group: 'mysql', name: 'mysql-connector-java', version: '8.0.30'
    testImplementation 'org.springframework.boot:spring-boot-starter-test'
    testImplementation 'org.springframework.security:spring-security-test'
}

tasks.named('test') {
    useJUnitPlatform()
}

So, how to avoid the Apache Tomcat login page and get access to my project?

Solution

This is not default Apache login page. It is default login page of Spring Security (basic authentication).

Focus at

Using generated security password: a4752144-65d7-456c-b250-97e58d4fffcd

Login by username: admin password: a4752144-65d7-456c-b250-97e58d4fffcd (this is an UUID version 4 string)

If you don't want to see this page, remove dependency of Spring Security by removing this line

implementation 'org.springframework.boot:spring-boot-starter-security'

If you want set default username and password pair (account) by your choice, inside file application.properties, add content like this

spring.security.user.name=valentyn_hruzytskyi
spring.security.user.password=MyScrET42

Answered By - Do Nhu Vy
Answer Checked By - Marilyn (JavaFixing Volunteer)