I use Spring MVC in my application and the login is authenticated by spring security. I have the following two methods in my UserServiceImpl.java
class,
public
As was suggested in answer by MangEngkus you can implement your own custom AuthenticationProvider but based on your description I don't think you need to do that.
You don't need to implement your own password hashing mechanism into spring-security. You just need to define BCryptPasswordEncoder from spring itself.
Either this way to use the default one:
<authentication-manager>
<authentication-provider>
<password-encoder hash="bcrypt" />
</authentication-provider>
</authentication-manager>
Or create your own bean and supply it to default provider:
<authentication-manager>
<authentication-provider>
<password-encoder ref="encoder" />
</authentication-provider>
</authentication-manager>
<beans:bean id="encoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="15" />
</beans:bean>
But for you, this is the way: :)
<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService"/>
<beans:property name="passwordEncoder" ref="encoder" />
</beans:bean>
<bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
if you want, you can create your own AuthenticationProvider
public class CustomAuthenticationProvider implements AuthenticationProvider{
private UserDetailsService service;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
String username = token.getName();
String password = token.getCredentials(); // retrieve the password
// do something here
// if ok then return the authentication
return new UsernamePasswordAuthenticationToken(username, password, authorities);
}
}
and plug it to your security configuration
<beans:bean id="customAuthenticationProvider"
class="com.xxx.CustomAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>
<beans:bean id="authenticationManager"
class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref local="customAuthenticationProvider" />
</beans:list>
</beans:property>
</beans:bean>