Password Encrypt and Decrypt Using Spring-Security

Password Encryption / Decryption using Spring

Take a look at the PasswordEncoder.

http://static.springsource.org/spring-security/site/docs/3.0.x/reference/core-services.html

Password encrypt and decrypt using Spring-security

I stored the application username and password in a text file on the server. I then used a plugin to encrypt and decrypt them and use them in my application. This way I can check the entire code in to git, which will have no passwords at all.

Password encryption/decryption Spring security

MD5 is a one-way algorithm. This is not a one-to-one mapping. There is no way to decrypt its output.

When working with stored MD5 encrypted passwords, you must authenticate users by encrypting their input and comparing the result to the stored encrypted password.

Password encryption in Spring MVC

Can you clarify whether you are looking for Spring Security or Spring MVC? Your question title is "Password encryption in Spring MVC", whereas you have tagged the question for Spring Security.

Spring Security suggests using the following:
org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

http://docs.spring.io/spring-security/site/docs/4.2.1.RELEASE/reference/html/core-services.html#core-services-password-encoding

Spring Security-encrypted string - decryption in Go fails

Password encoding and decoding using Spring Security, Spring Boot and MongoDB

First read Steven Carlson's answer about password hashing.

The good thing is that Spring Security will do this for you. Spring Security 3.2 introduced the new org.springframework.security.crypto.password.PasswordEncoder interface and some implementations: BCryptPasswordEncoder, StandardPasswordEncoder (and NoOpPasswordEncoder).

Important: Do not confuse org.springframework.security.crypto.password.PasswordEncoder with the old deprecated org.springframework.security.authentication.encoding.PasswordEncoder

The interface (and therefore the implementations) has the two methods you need:

  • public String encode(CharSequence rawPassword)
  • public boolean matches(CharSequence rawPassword, String encodedPassword)

I recommend using org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.
The BCryptPasswordEncoder (in contrast to the StandardPasswordEncoder) uses a salt that is different for each password (but not global like the one from StandardPasswordEncoder). When you encode a raw password (public String encode(CharSequence rawPassword)), the returned encoded password is not just the encoded password; it also contains some meta information about the hash algorithm used, the salt used and of course the encoded password.
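
The encode/matches behaviour this answer describes, as an added example (not code from the original answer or from the Spring Security project). It assumes spring-security-crypto on the classpath and Java 16+; the class name, sample password and cost factor 12 are assumptions.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class BcryptEncodingDemo {

    /** Fields of a 60-character bcrypt string: $<version>$<cost>$<22-char salt><31-char hash>. */
    record BcryptParts(String version, int cost, String salt, String hash) {}

    static BcryptParts parse(String encoded) {
        String[] f = encoded.split("\\$");   // ["", version, cost, salt+hash]
        if (f.length != 4 || f[3].length() != 53) {
            throw new IllegalArgumentException("not a bcrypt string");
        }
        return new BcryptParts(f[1], Integer.parseInt(f[2]),
                f[3].substring(0, 22), f[3].substring(22));
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder(12); // cost 12 is an assumed setting
        String raw = "correct horse battery staple";            // constructed sample password

        // Registration: only the encoded value is stored; each call draws a fresh salt.
        String first = encoder.encode(raw);
        String second = encoder.encode(raw);

        BcryptParts a = parse(first);
        BcryptParts b = parse(second);
        System.out.println("version=" + a.version() + " cost=" + a.cost());
        System.out.println("salts differ:  " + !a.salt().equals(b.salt()));
        System.out.println("hashes differ: " + !first.equals(second));

        // Login: matches() re-hashes the input with the salt embedded in the stored value.
        System.out.println("right password, first record:  " + encoder.matches(raw, first));
        System.out.println("right password, second record: " + encoder.matches(raw, second));
        System.out.println("wrong password:                " + encoder.matches("Correct horse", first));

        // Re-encoding and comparing strings is not a valid check, because the salt changes.
        System.out.println("encode() then equals():        " + encoder.encode(raw).equals(first));
    }
}
```

Nothing in this flow decrypts the stored value: verification only ever re-hashes the submitted password with the stored salt and cost.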

Decode a password before login Spring Boot

I've found a solution, not sure if it is the best possible but it works. Spring uses a PasswordEncoder object to check that the password typed by the user matches the stored (and hashed) password.

I was using a BCryptPasswordEncoder, which uses the method matches(rawPass, encodedPass) to check the password, so I've created my own PasswordEncoder in this way:

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.jdbcAuthentication()
        .usersByUsernameQuery(USER_QUERY)
        .authoritiesByUsernameQuery(ROLE_QUERY)
        .dataSource(dataSource)
        .passwordEncoder(new PasswordEncoder() {

            BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();

            @Override
            public boolean matches(CharSequence rawPassword, String encodedPassword) {
                // Decoding stuff on the encrypted password sent by the client (rawPassword).
                // decrypt(...) is a hypothetical placeholder for that step; the post does not show it.
                String decryptedPassword = decrypt(rawPassword);
                return encoder.matches(decryptedPassword, encodedPassword);
            }

            @Override
            public String encode(CharSequence rawPassword) {
                // Same crypto operation to get the plain password (same hypothetical placeholder)
                String decryptedPassword = decrypt(rawPassword);
                return encoder.encode(decryptedPassword);
            }
        });
}

So the client sends the encrypted password to the server, the custom PasswordEncoder decrypts it to get back the plain password and then passes it to the BCryptPasswordEncoder. Spring Security will handle the rest of the authentication process.

AES Encryption/decryption using Spring Security

Spring Security actually does not build encryption tools themselves - they deal more with authentication, login, sessions, and encoding (so, hashing passwords and that sort of thing). Take a look at http://www.jasypt.org/, which is commonly used with Spring Security if encryption/decryption is needed at the Spring Security level (http://www.jasypt.org/springsecurity.html).


