Simple way to temporary disable password authentication for ordinary Spring Boot apps.
Full article (in russian) here , Habr.
This is my small "single class" Java Agent which disables password-based authentication, without touch application sources. So when agent attached, you can easily authenticate in your app by using any text as 'password'.
Basically it does:
return new BCryptPasswordEncoder() {
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return true;
}
};
but with Javassist and Java Instrumentation API.
You need Apache Maven >3.5 installed, to compile just run:
mvn clean package
After that, in "target" folder should be "butterfly.jar"
Attach this agent and run as:
java -javaagent:</full/path/to/butterfly.jar> -jar your-spring-boot-app.jar