Password encoding with Spring Data REST

天涯浪人 2021-01-13 03:13

How should I automatically encode the submitted plain password field of my entity with Spring Data REST?

I'm using BCrypt encoder and I want to automatically encod

3 Answers
  •  礼貌的吻别
    2021-01-13 03:55

    Some enhancements to @robgmills' JsonDeserializer solution:

    • Spring 5 introduced DelegatingPasswordEncoder. It is more flexible, see the Spring docs.
    • It is not necessary to create a PasswordEncoder every time at deserialization.
    • A big project may have several JsonDeserializers; it is better to make them inner classes.
    • Usually the encoded password is hidden for GET requests. I've used @JsonProperty(access = JsonProperty.Access.WRITE_ONLY), see https://stackoverflow.com/a/12505165/548473

    For Spring Boot the code looks like:

    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        // One shared encoder instance, reused by authentication and by the deserializer below.
        public static final PasswordEncoder PASSWORD_ENCODER = PasswordEncoderFactories.createDelegatingPasswordEncoder();

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService()).passwordEncoder(PASSWORD_ENCODER);
        }
        // ...
    }

    public class JsonDeserializers {
        public static class PasswordDeserializer extends JsonDeserializer<String> {
            @Override
            public String deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException {
                ObjectCodec oc = jsonParser.getCodec();
                JsonNode node = oc.readTree(jsonParser);
                String rawPassword = node.asText();
                // Encode the submitted plain-text password before it is set on the entity.
                return WebSecurityConfig.PASSWORD_ENCODER.encode(rawPassword);
            }
        }
        // ...
    }

    @Entity
    public class User ...

        // By the time bean validation runs, this field already holds the encoded value.
        @Column(name = "password")
        @Size(max = 256)
        @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
        @JsonDeserialize(using = JsonDeserializers.PasswordDeserializer.class)
        private String password;
        ...
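
The approach from the answer above as a self-contained round trip. This is an added example, not part of the original answer: the `PasswordRoundTripDemo` and `UserDto` names, the request body and the `{noop}` legacy hash are constructed for illustration. It assumes jackson-databind and a recent spring-security-crypto on the classpath.

```java
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import java.io.IOException;

public class PasswordRoundTripDemo {
    static final PasswordEncoder ENCODER = PasswordEncoderFactories.createDelegatingPasswordEncoder();

    public static class PasswordDeserializer extends JsonDeserializer<String> {
        @Override
        public String deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
            return ENCODER.encode(p.getValueAsString());
        }
    }

    // Hypothetical DTO standing in for the answer's User entity.
    public static class UserDto {
        public String name;
        @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
        @JsonDeserialize(using = PasswordDeserializer.class)
        public String password;
    }

    static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
        System.out.println("ok: " + what);
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        // Constructed request body, as a client would POST it.
        UserDto user = mapper.readValue("{\"name\":\"alice\",\"password\":\"correct horse\"}", UserDto.class);
        // The delegating encoder stores the algorithm id with the hash: {bcrypt}$2a$10$...
        check(user.password.startsWith("{bcrypt}"), "hash carries the encoder id");
        check(ENCODER.matches("correct horse", user.password), "submitted password verifies");
        check(!ENCODER.matches("wrong", user.password), "wrong password is rejected");
        // WRITE_ONLY: the hash is accepted on input but never written to a response.
        check(!mapper.writeValueAsString(user).contains("password"), "hash is not serialized");
        // Flexibility: a hash stored under an older id still verifies and is flagged for re-encoding.
        String legacy = "{noop}secret"; // constructed legacy value
        check(ENCODER.matches("secret", legacy), "legacy hash still verifies");
        check(ENCODER.upgradeEncoding(legacy), "legacy hash is flagged for upgrade");
        check(!ENCODER.upgradeEncoding(user.password), "current bcrypt hash needs no upgrade");
    }
}
```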
    
