0

Encryption

Md5PasswordEncoder md5PasswordEncoder = new Md5PasswordEncoder(); md5PasswordEncoder.encodePassword( userRegistrationInfo.getPassword(), AppConstants.MD5_PASSWORD_ENCODER_SALT);

Spring Security Configuration

@Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .userDetailsService(userDetailsService) .passwordEncoder(passwordEncoder()); } @Bean public PasswordEncoder passwordEncoder() { PasswordEncoder encoder = new BCryptPasswordEncoder(); return encoder; }

I need to use org.springframework.security.authentication.encoding.Md5PasswordEncoder for my password encryption. But I don't know how to configure passwordEncoder() in Spring security configuration.

Improve this question
3
  • 1
    md5 in 2017? Are you kidding? Commented Feb 20, 2017 at 9:57
  • can you suggest any secure encryption? Commented Feb 20, 2017 at 10:14
  • 1
    BCryptPasswordEncoder Commented Feb 17, 2019 at 19:45

6 Answers 6

Reset to default
6 
@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .userDetailsService(customUserDetailsService) .passwordEncoder(passwordEncoder()); } } @Bean public PasswordEncoder passwordEncoder(){ //implements PasswordEncoder and overide encode method with the MD5 protocol return new MD5PasswordEncoder(); }
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

This is supported until spring security 5 but with spring security 6.0, WebSecurityConfigurerAdapter is not available. Need to be replaced with SecurityFilterChain, also there are few changes to use userDetailsService and encoder.
@bh4r4th, a new answer for Spring 6 would be appreciated.
5

Security Config

 @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder()); } @Bean public PasswordEncoder passwordEncoder(){ PasswordEncoder encoder = new FlasherPasswordEncoder(); return encoder; }

PasswordEncoder MyOwn Implementation

 package com.flasher.config; import org.springframework.security.authentication.encoding.Md5PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; public class FlasherPasswordEncoder implements PasswordEncoder { @Override public String encode(CharSequence rawPassword) { return new Md5PasswordEncoder().encodePassword(rawPassword.toString(), AppConstants.MD5_PASSWORD_ENCODER_SALT); } @Override public boolean matches(CharSequence rawPassword, String encodedPassword) { return new Md5PasswordEncoder().encodePassword(rawPassword.toString(), AppConstants.MD5_PASSWORD_ENCODER_SALT) .equals(encodedPassword); } }
Improve this answer

Comments

1

Not sure what your problem is. Md5PasswordEncoder has an emtpy constructor so you can simply

<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder "> </bean>

And then pass it to your AuthenticationProvider (for example DaoAuthenticationProvider)

<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> <property name="userDetailsService"> <ref bean="yourUserDetailsService"/> </property> <property name="passwordEncoder"> <ref bean="passwordEncoder"/> </property> </bean>

UPDATE: the op commented, that he is using a salt. That depends also on your authentication provider. If your are using the DaoAuthenticationProvider you can use the setSaltSource to set your salt source. Just add another property to the config refering to your salt-source-bean.

Improve this answer

3 Comments

ah, now you edited your question... I leave this here anyway
but I'm using a salt for encoding
Md5PasswordEncoder md5PasswordEncoder =new Md5PasswordEncoder(); md5PasswordEncoder.encodePassword(userRegistrationInfo.getPassword(),AppConstants.MD5_PASSWORD_ENCODER_SALT);
1

Spring Security 5 has been removed Md5PasswordEncoder.If you want to use MD5 encode you can customize :

@Bean public PasswordEncoder passwordEncoder() { return new PasswordEncoder() { @Override public String encode(CharSequence charSequence) { return getMd5(charSequence.toString()); } @Override public boolean matches(CharSequence charSequence, String s) { return getMd5(charSequence.toString()).equals(s); } }; } public static String getMd5(String input) { try { // Static getInstance method is called with hashing SHA MessageDigest md = MessageDigest.getInstance("MD5"); // digest() method called // to calculate message digest of an input // and return array of byte byte[] messageDigest = md.digest(input.getBytes()); // Convert byte array into signum representation BigInteger no = new BigInteger(1, messageDigest); // Convert message digest into hex value String hashtext = no.toString(16); while (hashtext.length() < 32) { hashtext = "0" + hashtext; } return hashtext; } // For specifying wrong message digest algorithms catch (NoSuchAlgorithmException e) { System.out.println("Exception thrown" + " for incorrect algorithm: " + e); return null; } }
Improve this answer

1 Comment

This does not work for me. While debugging it enters to encode(CharSequence charSequence) method first and here charSequence is equal to userNotFoundPassword. After this matches() compares the md5 hash of 'userNotFoundPassword' and the received password hash and returns false of course
0 
 @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder()); } @Bean public PasswordEncoder passwordEncoder(){ PasswordEncoder encoder = new Md5PasswordEncoder(); return encoder; }
Improve this answer

Comments

0 
@Bean public PasswordEncoder passwordEncoder(){ //MD5 encoder implementation return new MD5PasswordEncoder(); }

Paste the above code below the following code under SecurityConfig Class:

@Autowired public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception { authenticationManagerBuilder.userDetailsService(userDetailsService) .passwordEncoder(passwordEncoder()); }
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.