Issue
How can I encrypt a password coming from application.properties
?
spring:
security:
user:
name: bob
password: alice
Spring security authentication:
@Configuration
@EnableWebSecurity
public class BasicAuthConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.httpBasic();
return http.build();
}
//TODO: Not working
//@Bean
// public PasswordEncoder passwordEncoder() {
//return new BCryptPasswordEncoder(10);
//}
}
I assume passwordEncoder()
is called and encrypts the password.
(EDIT: If not, how can I access the properties password so I can call the passwordEncoder explicitly?)
But when I try to make a basic authentication
request using raw password(bob:alice) it doesn't work.
I'm getting 401
and Spring log is Encoded password does not look like BCrypt
.
How can I encrypt my password and also allow clients to make requests with raw credentials?
Solution
Keep the PasswordEncoder bean, and put in properties the password encoded by your encoder (not the raw password).
So in your case sth. like this:
spring:
security:
user:
name: bob
password: $2a$10$2T4wM24pGyHuLj12SI/rC.C1gkg4mLGTuzTse3choIVIOtlgsWmPC
Answered By - Szarpul
Answer Checked By - Clifford M. (JavaFixing Volunteer)