I'm using spring security with MySql for the database. Spring Security version is 3.2.0.RELEASE
First, I know MD5 should be swapped out with BCrypt encryption. I'm trying to teach myself spring security via the annotation method (@Configuration, @EnableWebSecurity). I was using an old program that had an MD5 password encoder defined.
If I was using spring security with xml files and had:
What would be the equivalent way to implement this without the use of the xml file?
I currently do have this running with unencrypted passwords so I know it is working.
Here's my code:
Let me know if you need anymore information. If you want, you can use BCrypt with your example. I followed some spring examples and did create a test user in my user database table that has a BCrypt password. I appreciate anyone who can provide some guidance with this. Thanks!
OK, I added that to my root config and placed a system out in the method just to confirm the bean was loading. This didn't seem to solve the problem. I have 2 users created in my user table. One named user1 with password "cleartext" and second user2 with password (encrypted with MD5 when added to the mysql database). I was unable to authenticate with user2 but still was able to authenticate with user1 which seems to tell me that the password encoder is not registering on the spring side with the form password.
Jeanne Boyarsky wrote:In your Root Config class, add:
If this doesn't work, post what error message you get or why it doesn't work.