Spring Boot: How to specify the PasswordEncoder?

by

In spring-security-core:5.0.0.RC1, the default PasswordEncoder is built as a DelegatingPasswordEncoder. When you store the users in memory, you are providing the passwords in plain text and when trying to retrieve the encoder from the DelegatingPasswordEncoder to validate the password it can’t find one that matches the way in which these passwords were stored.

Use this way to create users instead.

User.withDefaultPasswordEncoder().username("user").password("user").roles("USER").build();

You can also simply prefix {noop} to your passwords in order for the DelegatingPasswordEncoder use the NoOpPasswordEncoder to validate these passwords. Notice that NoOpPasswordEncoder is deprecated though, as it is not a good practice to store passwords in plain text.

User.withUsername("user").password("{noop}user").roles("USER").build();

For more information, check this post.

https://spring.io/blog/2017/11/01/spring-security-5-0-0-rc1-released#password-encoding

More Related Contents:

  1. Spring Boot Security CORS
  2. Spring Boot War deployed to Tomcat
  3. Spring Boot CORS filter – CORS preflight channel did not succeed
  4. spring boot war without tomcat embedded
  5. Prevent Spring Boot from registering a servlet filter
  6. How to get custom user info from OAuth2 authorization server /user endpoint
  7. antMatchers that matches any beginning of path
  8. Spring Security: mapping OAuth2 claims with roles to secure Resource Server endpoints
  9. How to use multiple login pages one for admin and the other one for user
  10. Spring Boot with embedded Tomcat behind Apache proxy
  11. Using Maven properties in application.properties in Spring Boot
  12. How to allow a User only access their own data in Spring Boot / Spring Security?
  13. One Spring Boot project, deploy to both JAR or WAR
  14. How to Solve 403 Error in Spring Boot Post Request
  15. How to configure CORS in a Spring Boot + Spring Security application?
  16. Filter invoke twice when register as Spring bean
  17. Spring Boot – Loading Initial Data
  18. Spring Boot not serving static content
  19. How Spring Security Filter Chain works
  20. Disable all Database related auto configuration in Spring Boot
  21. How to use OAuth2RestTemplate?
  22. java.lang.NoClassDefFoundError: org/springframework/core/env/ConfigurableEnvironment
  23. How to enable HTTP response caching in Spring Boot
  24. How to write a custom filter in spring security?
  25. Where to put static files such as CSS in a spring-boot project?
  26. Multiple WebSecurityConfigurerAdapter in spring boot for multiple patterns
  27. Maven Resource Filtering with Spring Boot: Could not resolve placeholder
  28. Multiple antMatchers in Spring security
  29. How do I disable resolving login parameters passed as url parameters / from the url
  30. Spring Boot JSF Integration

Leave a Comment