Spring MVC Security Password Encryption

In this tutorial, we will show you how to use BCryptPasswordEncoder to hash a password and perform a login authentication in Spring Security.

STEP 1 : Generate a BCrypt Password First, hash a password and put it into a database or in spring security in memory config, for login authentication later. This example uses BCryptPasswordEncoder to hash a password “123456”.
  • Filename: PasswordEncoderGenerator.java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class PasswordEncoderGenerator {

 public static void main(String[] args) {

 int i = 0;
 while (i < 5) {
 String password = "123456";
 BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
 String hashedPassword = passwordEncoder.encode(password);

 System.out.println(hashedPassword);
 i++;
 }

 }
}

In BCrypt hashing algorithm, each time, a different hash value of length 60 is generated.
$2a$10$bVVGBTJW.eotUJvxeZkEEuop69ZEuhFAyLBIBS9KGC2xwITVYVwGi
$2a$10$afgx66/oURNEx5upfSM4k.hQjzng7u3dIzwWV3QQbNr.hdaegjv7e
$2a$10$kzym7WgzynrB8fSaAhbCJOaWlQH8sPPmehfWZ.PlKUYQEj2qTTqUS
$2a$10$umqihmMYnVqlKgVch5En8emTlYjfFcedXgXHZELoqOcxIBjoc89Qq
$2a$10$EUaXUkipS1x2j2o738hJMOs3rhfwI03J6UFtgWmtK53Zu0zL8Ny5.

It's normal to get a different value each time you hash a value with BCrypt, because salt is generated randomly. In this tutorial, we get the first output and use it. STEP 2 : Enable Password Encoder A few ways to enable the password encoder in XML configuration. Using the default BCryptPasswordEncoder.

Spring Security In Memory Authentication

add below to your spring-security.xml
    

<authentication-manager >
 <authentication-provider>
 
 <user-service>
 <user name="user" password="123456" authorities="ROLE_USER" />
 <user name="admin" password="$2a$10$J77YiMP1/U05eXaSr1XhQumEpO57yI9NugROQnUBJ5xUWPjc2V9Xy" authorities="ROLE_ADMIN,ROLE_API" />
 <user name="apiuser" password="$2a$10$J77YiMP1/U05eXaSr1XhQumEpO57yI9NugROQnUBJ5xUWPjc2V9Xy" authorities="ROLE_API" />
 </user-service>
 <password-encoder ref="encoder" /> 
 </authentication-provider>
 </authentication-manager>
 
 
 <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"> 
 <beans:constructor-arg name="strength" value="10" /> 
 </beans:bean>

Spring Security DB Authentication

add below to your spring-security.xml
    

<!-- Select users and user_roles from database -->
 <authentication-manager>
 <authentication-provider>
 <jdbc-user-service data-source-ref="dataSource"
 users-by-username-query=
 "select username,password, enabled from users where username=?"
 authorities-by-username-query=
 "select username, role from user_roles where username =? " />
 <password-encoder ref="encoder" /> 
 </authentication-provider>
 </authentication-manager>
 
 
 <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"> 
 <beans:constructor-arg name="strength" value="10" /> 
 </beans:bean>

Spring Security Hibernate Authentication

add below to your spring-security.xml
 
   
<!-- Select users and user_roles from database -->
 <authentication-manager >
 <authentication-provider user-service-ref="customUserDetailsService">
 <password-encoder ref="encoder" />
 </authentication-provider>
 </authentication-manager>
 
 <beans:bean id="customUserDetailsService" class="com.tutorialsdesk.service.CustomUserDetailsService" />
 
 <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"> 
 <beans:constructor-arg name="strength" value="10" /> 
 </beans:bean>

In case of db / Hibernate authentication you need to store encrypted password in password field of user table. Keep visiting TutorialsDesk for more tutorials and practical programming examples on Spring MVC. Hope we are able to explain you Spring MVC Security Password Encryption example, if you have any questions or suggestions please write to us using contact us form.

Please share us on social media if you like the tutorial.