• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Spring Security no xml. How to configure MD5 Password Encoder

 
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm using spring security with MySql for the database. Spring Security version is 3.2.0.RELEASE

First, I know MD5 should be swapped out with BCrypt encryption. I'm trying to teach myself spring security via the annotation method (@Configuration, @EnableWebSecurity). I was using an old program that had an MD5 password encoder defined.

If I was using spring security with xml files and had:



What would be the equivalent way to implement this without the use of the xml file?

I currently do have this running with unencrypted passwords so I know it is working.

Here's my code:
MvcWebApplicationInitializer


RootConfig.java


SecurityConfig.java


WebMvcConfiguration.java


WebAppConfig


LoginServiceMySqlImpl


Let me know if you need anymore information. If you want, you can use BCrypt with your example. I followed some spring examples and did create a test user in my user database table that has a BCrypt password. I appreciate anyone who can provide some guidance with this. Thanks!
 
author & internet detective
Posts: 41860
908
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In your Root Config class, add:



If this doesn't work, post what error message you get or why it doesn't work.
 
Tom Rose
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
OK, I added that to my root config and placed a system out in the method just to confirm the bean was loading. This didn't seem to solve the problem. I have 2 users created in my user table. One named user1 with password "cleartext" and second user2 with password (encrypted with MD5 when added to the mysql database). I was unable to authenticate with user2 but still was able to authenticate with user1 which seems to tell me that the password encoder is not registering on the spring side with the form password.


Jeanne Boyarsky wrote:In your Root Config class, add:



If this doesn't work, post what error message you get or why it doesn't work.

 
Bartender
Posts: 1682
7
Android Mac OS X IntelliJ IDE Spring Linux
  • Likes 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Configure it on your AuthenticationManager. In your case you probably want the global one.



Your WebApplicationInitializer looks good but I don't see one to also register the SpringSecurity Filter chain

Add another one that looks like this, it can be empty the abstract class does the work:



 
Tom Rose
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you very much! It's now working. I did have an object defined that extended AbstractSecurityWebApplicationInitializer, just forgot to include it in my sample code.

Again thank you everyone for your help. Happy New Year to all.


Bill Gorder wrote:Configure it on your AuthenticationManager. In your case you probably want the global one.



Your WebApplicationInitializer looks good but I don't see one to also register the SpringSecurity Filter chain

Add another one that looks like this, it can be empty the abstract class does the work:



 
If you are using a rototiller, you are doing it wrong. Even on this tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic