0

I'm building MVC with Spring Security

My SecurityConfig:

@Configuration
@Slf4j
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
BCryptPasswordEncoder bCryptPasswordEncoder;

@Qualifier("userDetailsServiceImpl")
@Autowired
UserDetailsService userDetailsService;

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {

    auth
            .userDetailsService(userDetailsService)
            .passwordEncoder(getEncoder());

}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/**").hasAnyRole("admin")
            .and()
            .formLogin()
            .loginPage("/login").permitAll();
    log.debug("http object", http);
}

@Bean
public BCryptPasswordEncoder getEncoder() {
    return new BCryptPasswordEncoder();
}
}

My UserDetailsServiceImpl:

@Service
@Slf4j
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private UserRepository userRepository;

@Autowired
BCryptPasswordEncoder bCryptPasswordEncoder;

@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    Optional<UsersEntity> optionalUser = userRepository.findByUserName(username);
    if (optionalUser.isPresent()) {
        UsersEntity user = optionalUser.get();
        List<String> roleList = new ArrayList<String>();
        for(RoleEntity roleEntity : user.getRoleList()){
            roleList.add(roleEntity.getRole());
        }
        Boolean disabled = ((user.getDisabledFlag() == 0) ? false : true);

        UserDetails userToBuild = User.builder()
                .username(user.getUserName())
                .password(user.getPassword())
                .disabled(false)
                .accountExpired(false)
                .credentialsExpired(false)
                .accountLocked(false)
                .roles(roleList.toArray(new String[0]))
                .build();
        return userToBuild;
    } else {
        throw new UsernameNotFoundException("Username not found");
    }
}
}

For some reason I'm getting error Encoded password does not look like BCrypt

I'm sure it's simple error to solve but I don't have idea what I'm doing wrong. Password in DB is BCrypt. Used in different app(PHP) without issue. Now I'm learning Spring Boot and doing another app using same database. I follow https://www.yawintutor.com/spring-boot-security-database-authentication-using-userdetailsservice-example but over there password is plain in database, so want to use hashed one.

maw2be
  • 91
  • 2
  • 12
  • Does this answer your question? [Encoded password does not look like BCrypt](https://stackoverflow.com/questions/49582971/encoded-password-does-not-look-like-bcrypt) – Chetan Ahirrao Dec 08 '20 at 19:00

1 Answers1

1

I was testing on local, so I use online generator for hashing. I check another one and this one working. It's looks like spring using some different algorithm compare to some of online generators.

maw2be
  • 91
  • 2
  • 12