Merge pull request #3609 from steinhauer-software/BAEL-1489

BAEL-1489: New Password Storage In Spring Security 5
2018-02-25 18:28:32 +01:00 · 2018-02-25 18:28:32 +01:00 · ba97c27c78
parent 56a6e06bdd 73f248ffdd
commit ba97c27c78
4 changed files with 102 additions and 1 deletions
--- a/spring-5-security/pom.xml
+++ b/spring-5-security/pom.xml
@ -12,7 +12,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>2.0.0.M7</version>
+		<version>2.0.0.RC2</version>
 		<relativePath /> <!-- lookup parent from repository -->
 	</parent>

--- a/spring-5-security/src/main/java/com/baeldung/passwordstorage/BaeldungPasswordEncoderSetup.java
+++ b/spring-5-security/src/main/java/com/baeldung/passwordstorage/BaeldungPasswordEncoderSetup.java
@ -0,0 +1,35 @@
+package com.baeldung.passwordstorage;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class BaeldungPasswordEncoderSetup {
+
+    private final static Logger LOG = LoggerFactory.getLogger(BaeldungPasswordEncoderSetup.class);
+
+    @Bean
+    public ApplicationListener<AuthenticationSuccessEvent> authenticationSuccessListener(final PasswordEncoder encoder) {
+
+        return (AuthenticationSuccessEvent event) -> {
+            final Authentication auth = event.getAuthentication();
+
+            if (auth instanceof UsernamePasswordAuthenticationToken && auth.getCredentials() != null) {
+
+                final CharSequence clearTextPass = (CharSequence) auth.getCredentials(); // 1
+                final String newPasswordHash = encoder.encode(clearTextPass); // 2
+
+                LOG.info("New password hash {} for user {}", newPasswordHash, auth.getName());
+
+                ((UsernamePasswordAuthenticationToken) auth).eraseCredentials(); // 3
+            }
+        };
+    }
+}
--- a/spring-5-security/src/main/java/com/baeldung/passwordstorage/PasswordStorageApplication.java
+++ b/spring-5-security/src/main/java/com/baeldung/passwordstorage/PasswordStorageApplication.java
@ -0,0 +1,13 @@
+package com.baeldung.passwordstorage;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class PasswordStorageApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(PasswordStorageApplication.class, args);
+    }
+
+}
--- a/spring-5-security/src/main/java/com/baeldung/passwordstorage/PasswordStorageWebSecurityConfigurer.java
+++ b/spring-5-security/src/main/java/com/baeldung/passwordstorage/PasswordStorageWebSecurityConfigurer.java
@ -0,0 +1,53 @@
+package com.baeldung.passwordstorage;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.crypto.password.StandardPasswordEncoder;
+import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+@Configuration
+public class PasswordStorageWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
+
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.eraseCredentials(false) // 4
+          .userDetailsService(getUserDefaultDetailsService())
+          .passwordEncoder(passwordEncoder());
+    }
+
+    @Bean
+    public UserDetailsService getUserDefaultDetailsService() {
+        User testUser = new User("baeldung", "{noop}SpringSecurity5", Collections.emptyList());
+        return new InMemoryUserDetailsManager(testUser);
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        // set up the list of supported encoders and their prefixes
+        PasswordEncoder defaultEncoder = new StandardPasswordEncoder();
+        Map<String, PasswordEncoder> encoders = new HashMap<>();
+        encoders.put("bcrypt", new BCryptPasswordEncoder());
+        encoders.put("scrypt", new SCryptPasswordEncoder());
+        encoders.put("noop", NoOpPasswordEncoder.getInstance());
+
+        DelegatingPasswordEncoder passwordEncoder = new DelegatingPasswordEncoder("bcrypt", encoders);
+        passwordEncoder.setDefaultPasswordEncoderForMatches(defaultEncoder);
+
+        return passwordEncoder;
+    }
+
+}