Spring Boot: How to specify the PasswordEncoder?

Question

Currently I got the main class:

package com.recweb.springboot;

import org.springframework.boot.SpringApplication;
im         


        

Answer 1

A few days ago I have to face the same problem on spring security version (5.0.8). See the example version here:

code:

@Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

auth
                .inMemoryAuthentication()
                .passwordEncoder(NoOpPasswordEncoder.getInstance())
                .withUser("farid").password("farid").roles("USER")
                .and()
                .withUser("admin").password("admin").roles("ADMIN");
    }

OR

When you are configuring the ClientDetailsServiceConfigurer, you have to also apply the new password storag`enter code here`e format to the client secret.

.secret("{noop}secret")

you can see the link: enter link description here

Answer 2

You need to have some sort of a password encoder, but

withDefaultPasswordEncoder()

is deprecated and no more suitable for production. Use this instead:

PasswordEncoder encoder =
     PasswordEncoderFactories.createDelegatingPasswordEncoder();

...

UserDetails user = User.withUsername("someusername")
                       .password(encoder.encode("somepassword"))
                       .roles("USER").build();

Ref: https://docs.spring.io/spring-security/site/docs/5.0.2.BUILD-SNAPSHOT/api/index.html?org/springframework/security/core/userdetails/User.html

Answer 3

Use any of the following and it will work fine:-

@Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("admin").password("{noop}admin@123").roles("admin");
    }

or

@Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("admin").password("{noop}admin").roles("admin");
    }

or

@Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(NoOpPasswordEncoder.getInstance()).withUser("admin").password("{noop}admin").roles("admin");
    }

Thanks!

Answer 4

You can use this, but be advised that User.withDefaultPasswordEncoder() is deprecated:

@Bean
@Override
public UserDetailsService userDetailsService() {

    PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();

    final User.UserBuilder userBuilder = User.builder().passwordEncoder(encoder::encode);
    UserDetails user = userBuilder
            .username("user")
            .password("password")
            .roles("USER")
            .build();

    UserDetails admin = userBuilder
            .username("admin")
            .password("password")
            .roles("USER","ADMIN")
            .build();

    return new InMemoryUserDetailsManager(user, admin);
}

Answer 5

Prefix all existing passwords with {noop} to keep the default encoder of Spring Security 5.

Example:

auth.inMemoryAuthentication()
    .withUser("admin").password("{noop}admin!234").roles("ADMIN");

Answer 6

You need to set Password encoder , check the following sample

PasswordEncoder encoder =
             PasswordEncoderFactories.createDelegatingPasswordEncoder();
    auth.inMemoryAuthentication().passwordEncoder(encoder).withUser("Ahmad")
            .password("1600").roles("USER", "ADMIN").and().withUser("Belal").password("1515").roles("USER");