Issue
I can't log in with the correct details as the program keeps stating that the encoded password does not look like bcrypt. Does anyone know how to solve this? I'm using JDBC authentication.
I have the correct database table as well, with enough space for the encoded password. I'm not sure where it's going wrong.
JSP FORM:
    <div class="form-group">
        <div class="form-label-group">
            <label for="inputUser">Username: </label>
            <input name="username" type="text" path="username"
                id="inputUser" class="form-control"
                placeholder="Username" required="required" autofocus="autofocus">
        </div>
    </div>
    <div class="form-group">
        <div class="form-label-group">
            <label for="inputPassword">Password: </label>
            <input name="password" type="password" path="password"
                id="inputPassword" class="form-control" placeholder="Password"
                required="required">
        </div>
    </div>
    <div class="form-group">
        <div class="checkbox">
            <label>
                <input type="checkbox" value="remember-me">
                Remember Password
            </label>
        </div>
    </div>
    <input type="submit" value="Login"/>
</form:form>
Security Config:
@Autowired
private DataSource securityDataSource;

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.jdbcAuthentication().dataSource(securityDataSource).passwordEncoder(passwordEncoder());
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/management/**").authenticated().and().formLogin().loginPage("/login")
            .loginProcessingUrl("/processLogin").defaultSuccessUrl("/management/dashboard").permitAll();
    http.exceptionHandling().accessDeniedPage("/access-denied");
}

@Bean
@Autowired
public BCryptPasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}
Login Controller
@Controller
public class LoginController {

    @Autowired
    private UserServiceImpl userService;

    @GetMapping("/login")
    public String showLoginForm(Model model) {
        User user = new User();
        model.addAttribute("user", user);
        return "login";
    }

    @PostMapping("/processLogin")
    public String processLogin(@ModelAttribute("user") User user, Model model) {
        if (userService.findUser(user.getUsername(), user.getPassword()) != null) {
            return "/management/dashboard";
        } else {
            return "/access-denied";
        }
    }
}
My database: here
Solution
Looking at your database entries, it seems like you were using org.springframework.security.crypto.password.DelegatingPasswordEncoder once and switched back to org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.
Only the DelegatingPasswordEncoder is capable of handling passwords encoded with different schemes.
If you want to stick with your currently configured BCryptPasswordEncoder, you need to
- remove the prefix {bcrypt}
- Encode the two passwords test123 for john and susan with a BCryptPasswordEncoder
Answered By - Manuel
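
The mismatch the answer describes can be reproduced outside the application. The following is an added example, not code from the question or the answer; it assumes Spring Security 5 or later on the classpath, and the class name BcryptPrefixCheck and the helpers stripBcryptPrefix and require are hypothetical. The stored values are constructed in the program rather than taken from the asker's database.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example; class and helper names are hypothetical.
public class BcryptPrefixCheck {

    private static final String PREFIX = "{bcrypt}";

    // Drop the DelegatingPasswordEncoder id so a plain BCryptPasswordEncoder can read the hash.
    static String stripBcryptPrefix(String stored) {
        return stored.startsWith(PREFIX) ? stored.substring(PREFIX.length()) : stored;
    }

    static void require(boolean condition, String message) {
        if (!condition) {
            throw new IllegalStateException(message);
        }
    }

    public static void main(String[] args) {
        BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder();
        PasswordEncoder delegating = PasswordEncoderFactories.createDelegatingPasswordEncoder();

        String raw = "test123";              // password named in the answer
        String bare = bcrypt.encode(raw);    // constructed value, shape: $2a$10$...
        String prefixed = PREFIX + bare;     // constructed value, shape: {bcrypt}$2a$10$...

        // A prefixed value fails BCryptPasswordEncoder's format check, so the
        // correct password is rejected ("Encoded password does not look like BCrypt").
        require(!bcrypt.matches(raw, prefixed), "prefixed hash must not verify with BCryptPasswordEncoder");

        // The same hash verifies once the prefix is removed, or when freshly encoded.
        require(bcrypt.matches(raw, stripBcryptPrefix(prefixed)), "stripped hash must verify");
        require(bcrypt.matches(raw, bare), "bare hash must verify");

        // DelegatingPasswordEncoder reads the id and dispatches to bcrypt.
        require(delegating.matches(raw, prefixed), "prefixed hash must verify with DelegatingPasswordEncoder");

        // The reverse mismatch: a hash without an id has no mapped encoder.
        boolean rejected = false;
        try {
            delegating.matches(raw, bare);
        } catch (IllegalArgumentException e) {
            rejected = true;
        }
        require(rejected, "bare hash must be rejected by DelegatingPasswordEncoder");

        System.out.println("all checks passed");
    }
}
```

The stored format and the configured encoder have to agree: either every row carries the {bcrypt} id and the application uses the DelegatingPasswordEncoder, or no row carries it and the application uses BCryptPasswordEncoder.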