Home > Back-end >  Spring Security DelegatingPasswordEncoder doesn't validate passwords that have no prefix
Spring Security DelegatingPasswordEncoder doesn't validate passwords that have no prefix

Time:04-28

I have recently implemented the DelegatingPasswordEncoder that delegates to PassworEncoders instances upon the prefix of the stored password. The problem is that for the previous stored password that has no prefix it throws an error 'There is no PasswordEncoder mapped for the id "null"'.I have been told that to defining a default PasswordEncoder to authenticate password that has no prefix the PasswordEncoder prefix has to be specified it in the first parameter of the DelegatingPasswordEncoder () constructor as I specified in the below code example because the stored password are encoded as plain text.

@Bean
    public PasswordEncoder passwordEncoder(){
      
        Map<String,PasswordEncoder> encoders= new HashMap<>();
        encoders.put("", NoOpPasswordEncoder.getInstance());
        encoders.put("noop", NoOpPasswordEncoder.getInstance());
        encoders.put("bcrypt",new BCryptPasswordEncoder());
        encoders.put("scrypt",new SCryptPasswordEncoder());
        return new DelegatingPasswordEncoder("noop",encoders);
    }

CodePudding user response:

For Passwords with no id, you can set a Default Password Encoder using DelegatingPasswordEncoder method setDefaultPasswordEncoderForMatches(PasswordEncoder defaultPasswordEncoderForMatches)

If this is not set, spring uses UnmappedIdPasswordEncoder by default, which throws IllegalArgumentException

Page link:https//www.codepudding.com/Backend/387526.html

Prev:spring jsp app works in tomcat but respond 404 in embedded tomcat
Next:Kafka Console Producer using avro
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding