Java 1687 1 (#9450)

* used password encoder over plaintext password * used password encoder over plaintext password
2020-06-09 00:26:31 +05:30 · 2020-06-09 00:26:31 +05:30 · 32259e7caf
parent 10c4ebad08
commit 32259e7caf
4 changed files with 20 additions and 2 deletions
--- a/spring-5-security/src/main/java/com/baeldung/loginextrafieldscustom/CustomUserRepository.java
+++ b/spring-5-security/src/main/java/com/baeldung/loginextrafieldscustom/CustomUserRepository.java
@ -5,11 +5,18 @@ import java.util.Collection;

 import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Repository;

@Repository("userRepository")
 public class CustomUserRepository implements UserRepository {

+    private PasswordEncoder passwordEncoder;
+    
+    public CustomUserRepository(PasswordEncoder passwordEncoder) {
+        this.passwordEncoder = passwordEncoder;
+    }
+
    @Override
    public User findUser(String username, String domain) {
        if (StringUtils.isAnyBlank(username, domain)) {
@ -17,7 +24,7 @@ public class CustomUserRepository implements UserRepository {
        } else {
            Collection<? extends GrantedAuthority> authorities = new ArrayList<>();
            User user =  new User(username, domain, 
-                "$2a$10$U3GhSMpsMSOE8Kqsbn58/edxDBKlVuYMh7qk/7ErApYFjJzi2VG5K", true, 
+                passwordEncoder.encode("secret"), true, 
                true, true, true, authorities);
            return user;
        }
--- a/spring-5-security/src/main/java/com/baeldung/loginextrafieldscustom/SecurityConfig.java
+++ b/spring-5-security/src/main/java/com/baeldung/loginextrafieldscustom/SecurityConfig.java
@ -1,6 +1,7 @@
 package com.baeldung.loginextrafieldscustom;

 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.PropertySource;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@ -56,6 +57,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        return new SimpleUrlAuthenticationFailureHandler("/login?error=true");
    }

+    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
--- a/spring-5-security/src/main/java/com/baeldung/loginextrafieldssimple/SecurityConfig.java
+++ b/spring-5-security/src/main/java/com/baeldung/loginextrafieldssimple/SecurityConfig.java
@ -1,6 +1,7 @@
 package com.baeldung.loginextrafieldssimple;

 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.PropertySource;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
@ -59,6 +60,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        return new SimpleUrlAuthenticationFailureHandler("/login?error=true");
    }

+    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
--- a/spring-5-security/src/main/java/com/baeldung/loginextrafieldssimple/SimpleUserRepository.java
+++ b/spring-5-security/src/main/java/com/baeldung/loginextrafieldssimple/SimpleUserRepository.java
@ -5,11 +5,18 @@ import java.util.Collection;

 import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Repository;

@Repository("userRepository")
 public class SimpleUserRepository implements UserRepository {

+    private PasswordEncoder passwordEncoder;
+    
+    public SimpleUserRepository(PasswordEncoder passwordEncoder) {
+        this.passwordEncoder = passwordEncoder;
+    }
+
    @Override
    public User findUser(String username, String domain) {
        if (StringUtils.isAnyBlank(username, domain)) {
@ -17,7 +24,7 @@ public class SimpleUserRepository implements UserRepository {
        } else {
            Collection<? extends GrantedAuthority> authorities = new ArrayList<>();
            User user =  new User(username, domain, 
-                "$2a$10$U3GhSMpsMSOE8Kqsbn58/edxDBKlVuYMh7qk/7ErApYFjJzi2VG5K", true, 
+                passwordEncoder.encode("secret"), true, 
                true, true, true, authorities);
            return user;
        }