Spring Boot 2.0.0 + OAuth2

by

Spring Security 5 uses a modernized password storage, see OAuth2 Autoconfig:

If you use your own authorization server configuration to configure the list of valid clients through an instance of ClientDetailsServiceConfigurer as shown below, take note that the passwords you configure here are subject to the modernized password storage that came with Spring Security 5.

To solve your problem, see Spring Security Reference:

Troubleshooting

The following error occurs when one of the passwords that are stored has no id as described in the section called “Password Storage Format”.

java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null"
     at org.springframework.security.crypto.password.DelegatingPasswordEncoder$UnmappedIdPasswordEncoder.matches(DelegatingPasswordEncoder.java:233)
     at org.springframework.security.crypto.password.DelegatingPasswordEncoder.matches(DelegatingPasswordEncoder.java:196)

The easiest way to resolve the error is to switch to explicitly provide the PasswordEncoder that you passwords are encoded with. The easiest way to resolve it is to figure out how your passwords are currently being stored and explicitly provide the correct PasswordEncoder. If you are migrating from Spring Security 4.2.x you can revert to the previous behavior by exposing a NoOpPasswordEncoder bean. For example, if you are using Java Configuration, you can create a configuration that looks like:

Reverting to NoOpPasswordEncoder is not considered to be secure. You should instead migrate to using DelegatingPasswordEncoder to support secure password encoding.

@Bean
public static NoOpPasswordEncoder passwordEncoder() {
    return NoOpPasswordEncoder.getInstance();
}

if you are using XML configuration, you can expose a PasswordEncoder with the id passwordEncoder:

<b:bean id="passwordEncoder"
   class="org.springframework.security.crypto.NoOpPasswordEncoder" factory-method="getInstance"/>

Alternatively, you can prefix all of your passwords with the correct id and continue to use DelegatingPasswordEncoder. For example, if you are using BCrypt, you would migrate your password from something like:

$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG

to

{bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG

More Related Contents:

  1. Springboot Security hasRole not working
  2. Spring Security: Upgrading the deprecated WebSecurityConfigurerAdapter in Spring Boot 2.7.0
  3. Should I explicitly send the Refresh Token to get a new Access Token – JWT
  4. Spring Security with SOAP web service is working in Tomcat, but not in WebLogic
  5. Spring Boot 2.0 disable default security
  6. I can’t update my webapp to Spring Boot 2.6.0 (2.5.7 works but 2.6.0 doesn’t)
  7. How to configure CORS in a Spring Boot + Spring Security application?
  8. Filter invoke twice when register as Spring bean
  9. Serving static web resources in Spring Boot & Spring Security application
  10. Spring boot Security Disable security
  11. Spring Boot & JPA: Implementing search queries with optional, ranged criteria
  12. Disable Logback in SpringBoot
  13. Spring Boot CORS filter – CORS preflight channel did not succeed
  14. How to disable ‘X-Frame-Options’ response header in Spring Security?
  15. Disable security for unit tests with spring boot
  16. How to enable HTTP response caching in Spring Boot
  17. 401 instead of 403 with Spring Boot 2
  18. Gradle 5 JUnit BOM and Spring Boot Incorrect Versions
  19. Spring boot – configure EntityManager
  20. Entity Class name is transformed into SQL table name with underscores
  21. Multiple WebSecurityConfigurerAdapter in spring boot for multiple patterns
  22. Spring Boot ClassNotFoundException org.springframework.core.metrics.ApplicationStartup
  23. Securing Spring Boot API with API key and secret
  24. Spring Security: mapping OAuth2 claims with roles to secure Resource Server endpoints
  25. Eureka and Kubernetes
  26. Stop consume message for Stream listener
  27. How to use multiple login pages one for admin and the other one for user
  28. How to convert a Spring-Boot web service into a Docker image?
  29. Precedence order among properties file, YAML file, and Command Line arguments in SpringBoot
  30. Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web – Annotations

Leave a Comment