Spring Security no xml. How to configure MD5 Password Encoder

Tom Rose
Greenhorn

Joined: Apr 10, 2012
Posts: 5
I'm using Spring Security with MySQL for the database. Spring Security version is 3.2.0.RELEASE.

First, I know MD5 should be swapped out with BCrypt encryption. I'm trying to teach myself Spring Security via the annotation method (@Configuration, @EnableWebSecurity). I was using an old program that had an MD5 password encoder defined.

If I was using spring security with xml files and had:



What would be the equivalent way to implement this without the use of the xml file?

I currently do have this running with unencrypted passwords so I know it is working.

Here's my code:
MvcWebApplicationInitializer


RootConfig.java


SecurityConfig.java


WebMvcConfiguration.java


WebAppConfig


LoginServiceMySqlImpl


Let me know if you need any more information. If you want, you can use BCrypt with your example. I followed some Spring examples and did create a test user in my user database table that has a BCrypt password. I appreciate anyone who can provide some guidance with this. Thanks!
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30050
    

In your Root Config class, add:



If this doesn't work, post what error message you get or why it doesn't work.


Tom Rose
Greenhorn

Joined: Apr 10, 2012
Posts: 5
OK, I added that to my root config and placed a system out in the method just to confirm the bean was loading. This didn't seem to solve the problem. I have 2 users created in my user table. One named user1 with password "cleartext" and second user2 with password (encrypted with MD5 when added to the mysql database). I was unable to authenticate with user2 but still was able to authenticate with user1 which seems to tell me that the password encoder is not registering on the spring side with the form password.


Jeanne Boyarsky wrote:In your Root Config class, add:



If this doesn't work, post what error message you get or why it doesn't work.
Bill Gorder
Bartender

Joined: Mar 07, 2010
Posts: 1646
    

Configure it on your AuthenticationManager. In your case you probably want the global one.



Your WebApplicationInitializer looks good, but I don't see one to also register the Spring Security filter chain.

Add another one that looks like this; it can be empty, the abstract class does the work:




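The configuration described in the answer above, as an added example that is not code from the thread or its posters. It assumes Spring Security 3.2.x, that the application's login service implements UserDetailsService, and uses BCrypt as the original poster invited; the class names are illustrative.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumption: the application's login service implements UserDetailsService.
    @Autowired
    private UserDetailsService userDetailsService;

    @Bean
    public PasswordEncoder passwordEncoder() {
        // BCrypt salts every hash and has a tunable work factor (default strength 10).
        return new BCryptPasswordEncoder();
    }

    // Global AuthenticationManager: the encoder has to be attached here, next to
    // the UserDetailsService. In 3.2 a PasswordEncoder bean on its own is not
    // picked up, and the DAO provider keeps comparing against the stored value
    // as plain text.
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService)
            .passwordEncoder(passwordEncoder());
        // For an existing MD5 column, the 3.2 legacy encoder would be passed instead:
        // new org.springframework.security.authentication.encoding.Md5PasswordEncoder()
    }
}

// Registers springSecurityFilterChain with the servlet container. The body stays
// empty because the abstract class performs the registration.
class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}
```

Stored passwords must already be in the encoder's format, so rows holding clear-text or MD5 values stop authenticating once BCrypt is attached and need to be re-hashed.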
Tom Rose
Greenhorn

Joined: Apr 10, 2012
Posts: 5
Thank you very much! It's now working. I did have an object defined that extended AbstractSecurityWebApplicationInitializer, just forgot to include it in my sample code.

Again thank you everyone for your help. Happy New Year to all.


Bill Gorder wrote:Configure it on your AuthenticationManager. In your case you probably want the global one.



Your WebApplicationInitializer looks good, but I don't see one to also register the Spring Security filter chain.

Add another one that looks like this; it can be empty, the abstract class does the work:



 