password change in spring-security.xml
Question
I am new to spring security and having a third party war file which I have deployed in Tomcat Server. The access to the application is being controlled by spring-security.xml.
<beans:beans profile="some.profile">
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
I want to change the default password which I did in the above settings. But I also want to encrypt the password in this xml, so that it is not stored as plain text. I googled this but did not get any answers matching to this problem.Also I don't want to persist in DB as this is just one time.
1 answers
solution1
1 2017-08-22 12:12:07
Password hash can be used by adding extra parameter "password-encoder". There are some online password hash calculators, it can be used to retrieve hash string (md5, bcrypt or different encoding method) Configuration sample of md5 encryption:
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="b91cd1a54781790beaa2baf741fa6789" authorities="ROLE_USER" />
</user-service>
<password-encoder ref="passwordEncoder" />
</authentication-provider>
</authentication-manager>
<beans:bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.