1

jsp i have j_username ,j_password, this will call my UserDetailsServiceImpl.loadUserByUsername(string username) , how to authenticate the password ?

bakkal
  • 54,350
  • 12
  • 131
  • 107
cometta
  • 35,071
  • 77
  • 215
  • 324

1 Answers1

5

You don't authenticate the password yourself, Spring Security compares the UserDetails object you return from loadUserByUsername() (which contains a password field) with the credentials presented by the user.

This allows the authentication logic to be abstracted away and not handled in code, for example if you want to change to using hashes, salts, etc.

matt b
  • 138,234
  • 66
  • 282
  • 345
  • What if my password is encrypted in the database? How do I tell Spring security to encrypt the password entered by the user in the login form before comparing it with the password stored in the DB? – Sajib Acharya May 08 '16 at 21:00
  • I got my answer [here](http://stackoverflow.com/questions/34931606/how-to-get-the-user-entered-values-of-username-and-password-in-a-spring-security). Thanks. – Sajib Acharya May 08 '16 at 21:31