@Karthick When spring security dependency is added, spring security class UserDetailsServiceAutoConfiguration detects (default) a user credentials it will try to create spring security context and those values are been set in the InMemoryUserDetailsManager. Spring security class UserDetailsServiceAutoConfiguration uses different hashing algorithm which is not the same as camunda password hashing algorithm (assuming). So the solution to the problem is exclude the spring security dependency. The difference in the log you can found after excluding the spring security dependency is below log won’t appear.
2020-04-11 16:35:59.662 INFO 20982 — [ main] .s.s.UserDetailsServiceAutoConfiguration :
Using generated security password: a2339f99-8c27-4746-9693-c2bf891d9506
Spring security generates credentials from this class SecurityProperties#User:
public InMemoryUserDetailsManager inMemoryUserDetailsManager(SecurityProperties properties,
ObjectProvider<PasswordEncoder> passwordEncoder) {
SecurityProperties.User user = properties.getUser();
List<String> roles = user.getRoles();
return new InMemoryUserDetailsManager(
User.withUsername(user.getName()).password(getOrDeducePassword(user, passwordEncoder.getIfAvailable()))
.roles(StringUtils.toStringArray(roles)).build());
}
private String getOrDeducePassword(SecurityProperties.User user, PasswordEncoder encoder) {
String password = user.getPassword();
if (user.isPasswordGenerated()) {
logger.info(String.format("%n%nUsing generated security password: %s%n", user.getPassword()));
}
if (encoder != null || PASSWORD_ALGORITHM_PATTERN.matcher(password).matches()) {
return password;
}
return NOOP_PASSWORD_PREFIX + password;
}
class User {
// Default user name.
private String name = "user";
//Password for the default user name.
private String password = UUID.randomUUID().toString();
}
If you want to give a try with spring generated credentials, you can try with username as “user” and password can be found in application startup log which is UUID.randomUUID().toString(). But I dont think you can able to login with spring security generated credentials, so better remove security and try with demo/demo.