How to use Spring security without password encoding?

Question

I\'m trying to learn Spring security currently. I used BCryptPasswordEncoder to encode user password before persisting into a database

Code:

Answer 1

With Spring Security 5 encryption on passwords is always enabled. The encryption used by default is bcrypt. What is neat about Spring Security 5 is that it actually allows you to specify, in your password, which encryption was used to create the has.

For this see the Password Storage Format in the Spring Security Reference Guide. In short it allows you to prefix your password for a well known key to an algorithm. The storage format is {}.

When using nothing it would become {noop}your-password (which would use the NoOpPasswordEncoder and {bcrypt}$a2...... would use the BcryptPasswordEncoder. There are several algorithms supported out-of-the-box, but you can also define your own.

To define your own create your own PasswordEncoder and register it under a key with the DelegatingPasswordEncoder.