password change in spring-security.xml

Question

I am new to spring security and having a third party war file which I have deployed in Tomcat Server. The access to the application is being controlled by spring-security.xml.

<beans:beans profile="some.profile">
        <authentication-manager>
            <authentication-provider>
                <user-service>
                    <user name="admin" password="admin" authorities="ROLE_USER" />
                </user-service>
            </authentication-provider>
        </authentication-manager>
    </beans:beans>

I want to change the default password which I did in the above settings. But I also want to encrypt the password in this xml, so that it is not stored as plain text. I googled this but did not get any answers matching to this problem.Also I don't want to persist in DB as this is just one time.

have you tried with `application.properties` & jasypt approach? https://stackoverflow.com/a/10307724/3642353 — dawidklos, Aug 22 '17 at 11:45
@martwy_kotek thanks. jasypt approach works have injected beans from jasypt jar — JManish, Aug 24 '17 at 09:26

bpu · Answer 1 · 2017-08-22T12:32:52.523

Password hash can be used by adding extra parameter "password-encoder". There are some online password hash calculators, it can be used to retrieve hash string (md5, bcrypt or different encoding method) Configuration sample of md5 encryption:

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="admin" password="b91cd1a54781790beaa2baf741fa6789" authorities="ROLE_USER" />
        </user-service>
        <password-encoder ref="passwordEncoder" />
    </authentication-provider>
</authentication-manager>

<beans:bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/>

password change in spring-security.xml

1 Answers1