1

I'm very new to Spring and Spring Security. In my database (a PostgreSQL database) I have a table where I store the users with their passwords. Every time I insert a new record into my table, a trigger encrypts the password using the MD5 algorithm. In my application I use Spring, and I am also trying to make use of the Spring Security 3.2 module. I provided my own UserDetailsService service. The problem is that I don't know what I should do to make the authentication succeed in this scenario. I think that Spring fails to authenticate the user due to the fact that the password is stored with the database MD5 algorithm. Does anyone have any suggestion on what I should do?

If you need any code sample, ask me for it.

artaxerxe

1 Answer

3

> I think that spring fails to authenticate the user due to the fact that the password is stored with database md5 algorithm

You are correct. Your solution causes the passwords in the DB to be encrypted, but when the user tries to log in, he enters his password, and then Spring (I guess it is Spring, right?) tries to compare it against what is in the DB. So Spring compares plain text with encrypted text, and it fails.

The solution is to encrypt, upon login, the password that the user has entered, and then to compare it against the DB.

Spring has several examples in its docs.

and here: How to use new PasswordEncoder from Spring Security

OhadR
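One way to do the comparison the answer describes, as an added example that is not code from the question or the answer: a Spring Security `PasswordEncoder` that hashes the submitted password the way the trigger is assumed to (PostgreSQL `md5()`, 32 lowercase hex characters over UTF-8 bytes, no salt) and compares it with the stored value. The class name and the sample stored value are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Added example (hypothetical class name). Assumes the trigger stores
 * md5(password) as PostgreSQL returns it: 32 lowercase hex characters,
 * computed over the UTF-8 bytes of the password, with no salt.
 */
public class PostgresMd5PasswordEncoder implements PasswordEncoder {

    /** Hashes the submitted password the same way the trigger is assumed to. */
    @Override
    public String encode(CharSequence rawPassword) {
        try {
            MessageDigest md5 = MessageDigest.getInstance("MD5");
            byte[] digest = md5.digest(rawPassword.toString().getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                hex.append(String.format("%02x", b & 0xff));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 not available in this JRE", e);
        }
    }

    /** Spring Security passes the submitted password and the value from UserDetails. */
    @Override
    public boolean matches(CharSequence rawPassword, String storedHash) {
        if (rawPassword == null || storedHash == null) {
            return false;
        }
        // trim() tolerates padding if the column is a fixed-width char(n).
        byte[] expected = storedHash.trim().getBytes(StandardCharsets.US_ASCII);
        byte[] actual = encode(rawPassword).getBytes(StandardCharsets.US_ASCII);
        // Time-constant comparison on current JDKs, instead of String.equals.
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new PostgresMd5PasswordEncoder();
        // Constructed sample row: the stored value is md5('password').
        String stored = "5f4dcc3b5aa765d61d8327deb882cf99";
        System.out.println("correct password: " + encoder.matches("password", stored));
        System.out.println("wrong password:   " + encoder.matches("Password", stored));
    }
}
```

The encoder takes effect once it is registered next to the custom `UserDetailsService`, for example `auth.userDetailsService(myService).passwordEncoder(new PostgresMd5PasswordEncoder())` in Java configuration, with `UserDetails.getPassword()` returning the stored hash unchanged. Unsalted MD5 is fast to brute-force, so `BCryptPasswordEncoder` from the same package is the stronger choice if the trigger can be replaced.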