Java 1687 1 (#9450)

* used password encoder over plaintext password

* used password encoder over plaintext password
Amit Pandey 2020-06-09 00:26:31 +05:30 committed by GitHub
parent 10c4ebad08
commit 32259e7caf
4 changed files with 20 additions and 2 deletions


@ -5,11 +5,18 @@ import java.util.Collection;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Repository; import org.springframework.stereotype.Repository;
@Repository("userRepository") @Repository("userRepository")
public class CustomUserRepository implements UserRepository { public class CustomUserRepository implements UserRepository {
private PasswordEncoder passwordEncoder;
public CustomUserRepository(PasswordEncoder passwordEncoder) {
this.passwordEncoder = passwordEncoder;
}
@Override @Override
public User findUser(String username, String domain) { public User findUser(String username, String domain) {
if (StringUtils.isAnyBlank(username, domain)) { if (StringUtils.isAnyBlank(username, domain)) {
@ -17,7 +24,7 @@ public class CustomUserRepository implements UserRepository {
} else { } else {
Collection<? extends GrantedAuthority> authorities = new ArrayList<>(); Collection<? extends GrantedAuthority> authorities = new ArrayList<>();
User user = new User(username, domain, User user = new User(username, domain,
"$2a$10$U3GhSMpsMSOE8Kqsbn58/edxDBKlVuYMh7qk/7ErApYFjJzi2VG5K", true, passwordEncoder.encode("secret"), true,
true, true, true, authorities); true, true, true, authorities);
return user; return user;
} }
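Review bot: `passwordEncoder.encode("secret")` inside `findUser` computes a fresh salted hash on every lookup, so each authentication attempt pays for an extra bcrypt run (the encoder bean in this commit is a `BCryptPasswordEncoder`) and the returned hash differs from call to call. The line also puts the demo password into the source in clear text, where the old line held only a bcrypt hash literal. Hash once in the constructor instead: declare `private final String encodedPassword;`, set it with `this.encodedPassword = passwordEncoder.encode("secret");`, pass `encodedPassword` to `new User(...)`, and add a comment that the fixed credential is for demonstration only. The same applies to `SimpleUserRepository.findUser` in the last file section; in both files the end of `findUser` lies outside the hunk.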


@ -1,6 +1,7 @@
package com.baeldung.loginextrafieldscustom; package com.baeldung.loginextrafieldscustom;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.PropertySource; import org.springframework.context.annotation.PropertySource;
import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@ -56,6 +57,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
return new SimpleUrlAuthenticationFailureHandler("/login?error=true"); return new SimpleUrlAuthenticationFailureHandler("/login?error=true");
} }
@Bean
public PasswordEncoder passwordEncoder() { public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(); return new BCryptPasswordEncoder();
} }
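Review bot: The new `@Bean` sits on an instance method, so building the encoder needs the `SecurityConfig` instance, while the repositories changed in this commit now require the encoder through their constructors. If this class also injects a user-details service that depends on `userRepository` (the `Autowired` import suggests it injects something, but those fields are outside the hunk), that forms a bean cycle, which newer Spring Boot versions reject by default. Declaring the method as `public static PasswordEncoder passwordEncoder()` lets the container create the encoder without the configuration instance. The same applies to the `loginextrafieldssimple` `SecurityConfig` in the next file section.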


@ -1,6 +1,7 @@
package com.baeldung.loginextrafieldssimple; package com.baeldung.loginextrafieldssimple;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.PropertySource; import org.springframework.context.annotation.PropertySource;
import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
@ -59,6 +60,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
return new SimpleUrlAuthenticationFailureHandler("/login?error=true"); return new SimpleUrlAuthenticationFailureHandler("/login?error=true");
} }
@Bean
public PasswordEncoder passwordEncoder() { public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(); return new BCryptPasswordEncoder();
} }


@ -5,11 +5,18 @@ import java.util.Collection;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Repository; import org.springframework.stereotype.Repository;
@Repository("userRepository") @Repository("userRepository")
public class SimpleUserRepository implements UserRepository { public class SimpleUserRepository implements UserRepository {
private PasswordEncoder passwordEncoder;
public SimpleUserRepository(PasswordEncoder passwordEncoder) {
this.passwordEncoder = passwordEncoder;
}
@Override @Override
public User findUser(String username, String domain) { public User findUser(String username, String domain) {
if (StringUtils.isAnyBlank(username, domain)) { if (StringUtils.isAnyBlank(username, domain)) {
@ -17,7 +24,7 @@ public class SimpleUserRepository implements UserRepository {
} else { } else {
Collection<? extends GrantedAuthority> authorities = new ArrayList<>(); Collection<? extends GrantedAuthority> authorities = new ArrayList<>();
User user = new User(username, domain, User user = new User(username, domain,
"$2a$10$U3GhSMpsMSOE8Kqsbn58/edxDBKlVuYMh7qk/7ErApYFjJzi2VG5K", true, passwordEncoder.encode("secret"), true,
true, true, true, authorities); true, true, true, authorities);
return user; return user;
} }