[BAEL-12731] - Added BcryptPasswordEncoder support

2019-03-17 00:53:27 +05:30 · 2019-03-17 00:53:27 +05:30 · 5ca4d0b527
commit 5ca4d0b527
parent 1ff8710842
3 changed files with 30 additions and 5 deletions
--- a/spring-boot-security/src/main/java/com/baeldung/integrationtesting/WebSecurityConfigurer.java
+++ b/spring-boot-security/src/main/java/com/baeldung/integrationtesting/WebSecurityConfigurer.java
@ -1,18 +1,24 @@
 package com.baeldung.integrationtesting;

+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
 public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        
+        BCryptPasswordEncoder encoder = passwordEncoder();
+        
        auth.inMemoryAuthentication()
+            .passwordEncoder(encoder)
            .withUser("spring")
-            .password("{noop}secret")
+            .password(encoder.encode("secret"))
            .roles("USER");
    }

@ -27,5 +33,8 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
            .httpBasic();
    }

-    
+    @Bean
+    public BCryptPasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
 }
--- a/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2server/config/AuthorizationServerConfig.java
+++ b/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2server/config/AuthorizationServerConfig.java
@ -1,9 +1,11 @@
 package com.baeldung.springbootsecurity.oauth2server.config;

 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
@ -25,15 +27,20 @@ public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdap
        clients
          .inMemory()
          .withClient("baeldung")
-          .secret("{noop}baeldung")
+          .secret(passwordEncoder().encode("baeldung"))
          .authorizedGrantTypes("client_credentials", "password", "authorization_code")
          .scopes("openid", "read")
          .autoApprove(true)
          .and()
          .withClient("baeldung-admin")
-          .secret("{noop}baeldung")
+          .secret(passwordEncoder().encode("baeldung"))
          .authorizedGrantTypes("authorization_code", "client_credentials", "refresh_token")
          .scopes("read", "write")
          .autoApprove(true);
    }
+    
+    @Bean
+    public BCryptPasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
 }
--- a/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/config/SpringBootSecurityTagLibsConfig.java
+++ b/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/config/SpringBootSecurityTagLibsConfig.java
@ -1,10 +1,12 @@
 package com.baeldung.springsecuritytaglibs.config;

+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
@ -12,9 +14,11 @@ public class SpringBootSecurityTagLibsConfig extends WebSecurityConfigurerAdapte

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        BCryptPasswordEncoder encoder = passwordEncoder();
        auth.inMemoryAuthentication()
+            .passwordEncoder(encoder)
            .withUser("testUser")
-            .password("{noop}password")
+            .password(encoder.encode("password"))
            .roles("ADMIN");
    }

@ -28,4 +32,9 @@ public class SpringBootSecurityTagLibsConfig extends WebSecurityConfigurerAdapte
                .anyRequest().permitAll().and().httpBasic();
        // @formatter:on
    }
+    
+    @Bean
+    public BCryptPasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
 }