Announcement Announcement Module
Collapse
No announcement yet.
password encoder configuration problem Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • password encoder configuration problem

    I've been fighting a battle all morning with configuring the password encoder for the authentication manager. No matter what I try, I wind up with a spring Md5PasswordEncoder in my DaoAuthenticationProvider. Here's my current security configuration:

    Code:
        <http auto-config="true" access-decision-manager-ref="accessDecisionManager">
            <intercept-url pattern="/" access="permitAll"/>
            <intercept-url pattern="/**" access="isAuthenticated()"/>
            <form-login />
            <logout logout-success-url="/" />
        </http>
    
        <beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
            <beans:property name="decisionVoters">
                <beans:list>
                    <beans:bean class="org.springframework.security.web.access.expression.WebExpressionVoter"/>
                    <beans:bean class="org.springframework.security.access.vote.RoleVoter">
                        <beans:property name="rolePrefix" value=""/>
                    </beans:bean>
                    <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
                </beans:list>
            </beans:property>
        </beans:bean>
    
        <authentication-manager>
            <authentication-provider user-service-ref="userDetailsService">
                <password-encoder hash="sha"/>
            </authentication-provider>
        </authentication-manager>
    My userDetailsService bean is an autowired bean that implements the org.springframework.security.core.userdetails.User DetailsService interface. This configuration results in a DaoAuthenticationProvider that has an instance of my custom UserDetailsService class... but the password encoder is still an Md5PasswordEncoder.

    Anyone know what I'm doing wrong?

  • #2
    Would you mind trying to do the password encoding according to your requirement using below configuration:

    Code:
    <authentication-manager alias="authenticationManager">
        	<authentication-provider user-service-ref="jdbcUserService">
        		<password-encoder ref="passwordEncoder">
        			<salt-source ref="saltSource"/>
        		</password-encoder>
        	</authentication-provider>
    </authentication-manager>
    beans:bean class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" id="passwordEncoder">
    	<beans:constructor-arg value="256"/>
    </beans:bean>
    <beans:bean class="org.springframework.security.authentication.dao.ReflectionSaltSource" id="saltSource">
    	<beans:property name="userPropertyToUse" value="username"/>
    </beans:bean>

    Comment

    Working...
    X