1

I am using Spring's StandardPasswordEncoder to encode the password before inserting it into the database. But when trying to log in with the same password I am getting an invalid password error. Not sure what is wrong. Below is the code.

Security configuration:

<security:authentication-manager id="authMgr">
    <security:authentication-provider>
        <security:jdbc-user-service
            data-source-ref="dataSource" />
        <security:password-encoder ref="passwordEncoder"></security:password-encoder>
    </security:authentication-provider>
</security:authentication-manager>
<bean id="passwordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder">
</bean>

Service layer (password encoding before passing data to the data access layer):

import org.springframework.security.crypto.password.PasswordEncoder;

@Autowired
private PasswordEncoder passwordEncoder;

user.setPassword(passwordEncoder.encode(newAccountDetails.getPassword()));
userDataAccess.createUser(user);
Meena Chaudhary

2 Answers

1

I believe the recommendation in "How to use new PasswordEncoder from Spring Security" applies. See the accepted answer there for a good explanation.

I'd modify the suggested code in one of the answers to the following to better fit your current setup:

<security:authentication-manager id="authMgr">
    <security:authentication-provider>
        <security:jdbc-user-service data-source-ref="dataSource" />
        <security:password-encoder ref="passwordEncoder"></security:password-encoder>
    </security:authentication-provider>
</security:authentication-manager>

<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
</bean>
Community
jzheaux
0

I had the same problem though I had authorities-by-username-query set on my authentication provider. Even though I had the correct security configuration, authentication failed with invalid username/password when the user had no authority in my database. The error message was misleading.

Balu
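A standalone round-trip check for the setup discussed in this thread, added here as an example and not code from the question or either answer. It shows that a salted encoder must be verified with `matches()` rather than by comparing two `encode()` results, and that hashes stored with StandardPasswordEncoder stop verifying once the configured bean is switched to BCryptPasswordEncoder. The class name, helper method and sample password are constructed for illustration; it assumes spring-security-crypto and its dependencies are on the classpath.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.StandardPasswordEncoder;

// Added example: exercises encode-then-verify outside the web application.
// PasswordEncoderRoundTrip and verifies() are hypothetical names, not from the thread.
public class PasswordEncoderRoundTrip {

    // True only if the value read back from storage verifies with this encoder.
    static boolean verifies(PasswordEncoder encoder, String rawPassword, String storedValue) {
        return storedValue != null && encoder.matches(rawPassword, storedValue);
    }

    @SuppressWarnings("deprecation") // StandardPasswordEncoder is deprecated in current releases
    public static void main(String[] args) {
        String raw = "correct horse battery staple"; // constructed sample password

        // Encoder from the question's configuration.
        PasswordEncoder standard = new StandardPasswordEncoder();
        // Encoder from the first answer's configuration.
        PasswordEncoder bcrypt = new BCryptPasswordEncoder();

        // What the service layer would store at registration, for each encoder.
        String storedStandard = standard.encode(raw);
        String storedBcrypt = bcrypt.encode(raw);

        // Each encode() call draws a fresh random salt, so re-encoding the login
        // password and comparing strings can never succeed.
        System.out.println("bcrypt encodes equal:   " + storedBcrypt.equals(bcrypt.encode(raw)));
        System.out.println("standard encodes equal: " + storedStandard.equals(standard.encode(raw)));

        // Verification has to go through matches() with the encoder that made the hash.
        System.out.println("bcrypt/bcrypt:          " + verifies(bcrypt, raw, storedBcrypt));
        System.out.println("standard/standard:      " + verifies(standard, raw, storedStandard));
        System.out.println("bcrypt, wrong password: " + verifies(bcrypt, "wrong", storedBcrypt));

        // Rows written before the bean was switched still hold the old format;
        // the new encoder rejects them until those passwords are re-encoded.
        System.out.println("bcrypt/old hash:        " + verifies(bcrypt, raw, storedStandard));
    }
}
```

If every same-encoder check here passes while login still fails, the stored hash is probably not the cause, and the missing-authority case from the second answer is worth checking next.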