Spring Boot Security - Password Encoding Using BCrypt
But currently the passwords is clearly visible in the database tables. This is may be a security issue as hackers or even employees can misuse this. You can Bcrypt a password using Online Bcrypt Generator
Spring Boot Security - Table Of Contents
Spring Boot + Simple Security Configuration Spring Boot Form Security Login Hello World Example Spring Boot Security - Custom Login Page Example Spring Boot Security - JDBC Authentication Example Spring Boot Security - Creating Users Programmatically Using JdbcUserDetailsManager Spring Boot Security - Password Encoding Using BCrypt Spring Boot Security - Enabling CSRF Protection Spring Boot Security - Authentication Handler Example Spring Boot Security - Introduction to OAuth Spring Boot OAuth2 Part 1 - Getting The Authorization Code Spring Boot OAuth2 Part 2 - Getting The Access Token And Using it to Fetch Data. Online Bcrypt Generator and Validator
Video
This tutorial is explained in the below Youtube Video.Lets Begin-
Maven Project will be as follows-
Next we modify the security configuration to use the bycrypt encoder. We first create a bean of type BCryptPasswordEncoder. This bean type is then provided to the AuthenticationManagerBuilder.
package com.javainuse.config; import javax.sql.DataSource; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.provisioning.JdbcUserDetailsManager; @Configuration @EnableWebSecurity public class EmployeeSecurityConfiguration extends WebSecurityConfigurerAdapter { @Autowired DataSource dataSource; @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } // Enable jdbc authentication @Autowired public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception { auth.jdbcAuthentication().dataSource(dataSource).passwordEncoder(passwordEncoder()); } @Bean public JdbcUserDetailsManager jdbcUserDetailsManager() throws Exception { JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager(); jdbcUserDetailsManager.setDataSource(dataSource); return jdbcUserDetailsManager; } @Override public void configure(WebSecurity web) throws Exception { web.ignoring().antMatchers("/resources/**"); } @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/register").permitAll().antMatchers("/welcome") .hasAnyRole("USER", "ADMIN").antMatchers("/getEmployees").hasAnyRole("USER", "ADMIN") .antMatchers("/addNewEmployee").hasAnyRole("ADMIN").anyRequest().authenticated().and().formLogin() .loginPage("/login").permitAll().and().logout().permitAll(); http.csrf().disable(); } // @Autowired // public void configureGlobal(AuthenticationManagerBuilder authenticationMgr) // throws Exception { // authenticationMgr.inMemoryAuthentication().withUser("admin").password("admin").authorities("ROLE_USER").and() // .withUser("javainuse").password("javainuse").authorities("ROLE_USER", // "ROLE_ADMIN"); // } }