  1. Authentication in Spring Security with encoded password
<p>I have a simple Spring Security webapp with password encoding:</p>
<pre><code>&lt;security:authentication-manager alias="authenticationManager"&gt;
    &lt;security:authentication-provider user-service-ref="personService"&gt;
        &lt;security:password-encoder hash="md5" ref="passwordEncoder"&gt;
            &lt;!-- &lt;security:salt-source user-property="username"/&gt; --&gt;
        &lt;/security:password-encoder&gt;
    &lt;/security:authentication-provider&gt;
&lt;/security:authentication-manager&gt;
</code></pre>
<p>Encoding is also simple:</p>
<pre><code>person.setPassword(encoder.encodePassword(person.getPassword(), null));
</code></pre>
<p>So in the database all passwords will be encoded. Now I want to authenticate a user with a certain username from within the application. Before (when passwords were in plaintext) it was like this:</p>
<pre><code>UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
        username, password);
Authentication authentication = authenticationManager.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(authentication);
</code></pre>
<p>But now I get the encoded password from the DB and can't do authentication as before.</p>
<p>The problem is that Spring doesn't know that the password coming from UsernamePasswordAuthenticationToken is already encoded, and it encodes it a second time. Who can help?</p>
<p><strong>Edit</strong></p>
<p>So I see two solutions here:</p>
<ol>
<li>implement a custom DaoAuthenticationProvider that adds a check for whether both passwords are already hashed</li>
<li>implement a custom Authentication and put it in the security context manually.</li>
</ol>
<p>Any others? What is the best?</p>
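The second option from the edit above, as an added example that is not part of the original post: it models why passing the stored hash to `authenticate()` fails, then builds an already-authenticated token from the loaded user without touching the password. The class `ProgrammaticLogin` and its method names are hypothetical; it assumes Spring Security 3.x on the classpath and that `personService` implements `UserDetailsService`, as `user-service-ref` requires.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;

/** Hypothetical helper; class and method names are not from the post. */
public class ProgrammaticLogin {

    // Assumption: the bean named by user-service-ref="personService".
    private final UserDetailsService personService;

    public ProgrammaticLogin(UserDetailsService personService) {
        this.personService = personService;
    }

    /** Unsalted MD5 as lowercase hex, modelling hash="md5" with a null salt. */
    static String md5Hex(String s) throws Exception {
        byte[] digest = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    /** Models the provider's check: the presented value is always hashed before comparison. */
    static boolean providerWouldAccept(String presented, String storedHash) throws Exception {
        return md5Hex(presented).equals(storedHash);
    }

    /**
     * Signs the user in without a password comparison. This skips credential
     * checking entirely, so call it only where the application has already
     * established who the user is (for example right after registration).
     */
    public Authentication signIn(String username) {
        UserDetails user = personService.loadUserByUsername(username);
        // The three-argument constructor yields a token with isAuthenticated() == true.
        Authentication auth = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(auth);
        return auth;
    }

    public static void main(String[] args) throws Exception {
        String stored = md5Hex("s3cret"); // constructed sample password
        System.out.println("raw password accepted: " + providerWouldAccept("s3cret", stored));
        System.out.println("stored hash accepted:  " + providerWouldAccept(stored, stored));
    }
}
```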
 
