Spring Security - Basic auth

 
Greenhorn
Posts: 29
Hello,

I am trying to learn spring security and just created an API with basic auth. Is there any way to not hardcode the password within the app?

Thanks,
Raja
 
Bartender
Posts: 1945
Hi Raja,
You can encode the password in a database. Here is an example: https://www.baeldung.com/spring-security-registration-password-encoding-bcrypt
 
Himai Minh
Bartender
Posts: 1945
Hi, Raja,
You may also find this tutorial helpful: https://www.kindsonthegenius.com/2019/07/14/spring-security-tutorial-storing-user-credential-in-mysql-database/
 
Raja Avrv
Greenhorn
Posts: 29

Himai Minh wrote: Hi Raja,
You can encode the password in a database. Here is an example: https://www.baeldung.com/spring-security-registration-password-encoding-bcrypt



Hello Himai,

If I don't have a DB, then is it just done by hardcoding like this?
 
Himai Minh
Bartender
Posts: 1945
Hi,
You may want to add an encoder to encode the password:
 
Raja Avrv
Greenhorn
Posts: 29

Himai Minh wrote: Hi,
You may want to add an encoder to encode the password:



Sure, thank you but the "myPassword" above will be the actual password in plain text, correct?
 
Sheriff
Posts: 22002
You can read users and their passwords from a property file. I don't know if there's already support for that, otherwise just read the file and call that .password method for each entry.
 
Himai Minh
Bartender
Posts: 1945
We can put username and password in a properties file and use @Value to inject them.
Here are examples:
https://www.baeldung.com/properties-with-spring
https://stackoverflow.com/questions/54477000/can-i-load-username-and-password-by-file-in-spring-boot-hibernate
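
Added example (not part of the original posts, and not code from any of the linked tutorials): one way to combine the two suggestions in this thread, injecting the credentials with @Value while keeping only a bcrypt hash in configuration, so that no plain-text password sits in the source or the properties file. It assumes Spring Boot 3 with Spring Security 6; the class name and the property names `api.user.name` and `api.user.password-hash` are hypothetical.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

// Added example. Assumed (hypothetical) properties, set outside the code base:
//   api.user.name=...            api.user.password-hash=<bcrypt hash>
// Create the hash once, offline: new BCryptPasswordEncoder().encode(rawPassword)
@Configuration
public class BasicAuthConfig {

    // Shape of a bcrypt hash; anything else (e.g. a plain-text password) is refused.
    private static final String BCRYPT = "^\\$2[aby]\\$\\d\\d\\$[./0-9A-Za-z]{53}$";

    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    UserDetailsService users(@Value("${api.user.name}") String name,
                             @Value("${api.user.password-hash}") String hash) {
        if (!hash.matches(BCRYPT)) {
            // Fail at startup rather than run with a credential that is not hashed.
            throw new IllegalStateException("api.user.password-hash is not a bcrypt hash");
        }
        // The stored value is already encoded, so it is passed through unchanged.
        return new InMemoryUserDetailsManager(
                User.withUsername(name).password(hash).roles("API").build());
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

Keep the file that holds these properties out of version control and readable only by the account that runs the service.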
 
Saloon Keeper
Posts: 22503
When you're using Spring Security in web applications, I'm fairly sure that it can tie in with the JEE standard security framework (container-managed authentication and authorization).

When you use container security, both the mechanism for authentication and authorization (Realm) and the database used by the Realm are externally-configurable options built into the web application server, not the application. In a case like that, Spring Security would simply invoke the container security API when it could and handle the finer points itself.
 