Spring Security DelegatingPasswordEncoder doesn't validate passwords that have no prefix

Time:04-28

I have recently implemented the DelegatingPasswordEncoder, which delegates to PasswordEncoder instances based on the prefix of the stored password. The problem is that for previously stored passwords that have no prefix, it throws the error 'There is no PasswordEncoder mapped for the id "null"'. I have been told that to define a default PasswordEncoder to authenticate passwords that have no prefix, the PasswordEncoder prefix has to be specified in the first parameter of the DelegatingPasswordEncoder() constructor, as I did in the code example below, because the stored passwords are encoded as plain text.

    @Bean
    public PasswordEncoder passwordEncoder() {
        Map<String, PasswordEncoder> encoders = new HashMap<>();
        encoders.put("", NoOpPasswordEncoder.getInstance());
        encoders.put("noop", NoOpPasswordEncoder.getInstance());
        encoders.put("bcrypt", new BCryptPasswordEncoder());
        encoders.put("scrypt", new SCryptPasswordEncoder());
        return new DelegatingPasswordEncoder("noop", encoders);
    }

CodePudding user response:

For passwords with no id, you can set a default password encoder using the DelegatingPasswordEncoder method setDefaultPasswordEncoderForMatches(PasswordEncoder defaultPasswordEncoderForMatches).

If this is not set, Spring uses UnmappedIdPasswordEncoder by default, which throws an IllegalArgumentException.
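An added example (not code from the question or the answer) showing the setter described above, combined with re-encoding a legacy value after a successful login. It assumes bcrypt as the id for newly encoded passwords; the class name and the sample stored value are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical class name; only the Spring Security types are real.
public class LegacyPasswordMigrationExample {

    static PasswordEncoder passwordEncoder() {
        Map<String, PasswordEncoder> encoders = new HashMap<>();
        encoders.put("noop", NoOpPasswordEncoder.getInstance());
        encoders.put("bcrypt", new BCryptPasswordEncoder());

        // Assumption: new and re-encoded passwords are stored as {bcrypt}...
        DelegatingPasswordEncoder delegating =
                new DelegatingPasswordEncoder("bcrypt", encoders);

        // Stored values without a {id} prefix are matched with this encoder
        // instead of the default UnmappedIdPasswordEncoder, which throws.
        delegating.setDefaultPasswordEncoderForMatches(NoOpPasswordEncoder.getInstance());
        return delegating;
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = passwordEncoder();

        // Constructed sample: a legacy row stored as plain text, no prefix.
        String legacyStored = "s3cret-legacy";
        String submitted = "s3cret-legacy";

        boolean ok = encoder.matches(submitted, legacyStored);
        System.out.println("legacy match: " + ok);
        System.out.println("wrong password: " + encoder.matches("wrong", legacyStored));

        // upgradeEncoding reports that the stored value does not use the
        // current encoding id, so it can be replaced after a successful login.
        if (ok && encoder.upgradeEncoding(legacyStored)) {
            String upgraded = encoder.encode(submitted);
            System.out.println("re-encoded prefix ok: " + upgraded.startsWith("{bcrypt}"));
            System.out.println("re-encoded match: " + encoder.matches(submitted, upgraded));
            // Persist 'upgraded' in place of the plain-text value here.
        }
    }
}
```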
