Announcement Announcement Module
No announcement yet.
Do the <security:password-encoder> and <security:salt-source> tag also provide beans? Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Do the <security:password-encoder> and <security:salt-source> tag also provide beans?

    Hi all,

    As there are these tags
    <securityassword-encoder> and <security:salt-source>

    Can I also inject them somewhere in my code?

    As I'm getting an error trying to inject them somewhere to encrypt my passwords:

    "No matching bean of type [ ng.PasswordEncoder] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency."

    I guess there aren't any beans created somehow...I solved this by creating the beans and using ref values in their security tags. But what use are they if can't get them in my code somewhere for encrypting passwords?

    Just for decrypting in-xml hardcoded user details? Why not make them available anyways since they aren't very useful since you will most likely need them in your code to encrypt.



  • #2
    I wouldn't recommend you use a SaltSource unless you have a legacy system which requires a separately stored salt. Use a random salt concatenated with the password, as the LdapShaPasswordEncoder does (or the standard password encoder from the new crypto package in 3.1).

    The password-encoder is only really there to inject a bean into the DaoAuthenticationProvider. I would just use a reference as it is more obvious what is going on and the namespace doesn't really save you much.


    • #3
      Thx heaps @ Luke Taylor

      Me and my cholesterol want to thank you a lot for the fast reply!

      I now just use the ardPasswordEncoder
      instead and dropped the salt!

      Best wishes,



      • #4
        Hehe. Yes, I've never been a fan of too much salt myself . My blood pressure is high enough.