0

I am getting the error below in Spring security after applying:

PasswordEncoderFactories.createDelegatingPasswordEncoder()

Project dependency:

  • Spring Boot2.1.3
  • Spring-cloud-starter-oauth2

I tried to use both of the below approaches:

First approach:

@Override
 protected void configure(AuthenticationManagerBuilder auth) throws Exception {

final PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();

        auth.inMemoryAuthentication()
            .withUser("user")
            .password(encoder.encode("password"))
            .roles("USER");

    }

Error:

java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null"
at org.springframework.security.crypto.password.DelegatingPasswordEncoder$UnmappedIdPasswordEncoder.matches

Second: approach - 

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {

final BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder();
        auth.inMemoryAuthentication()
            .withUser("user")
            .password(encoder.encode("password"))
            .roles("USER");

    }

Error:

java.lang.IllegalArgumentException: password is not bcrypt type

I did not tried {noop}password because it is already depricated from Spring5. Had seen many solution on sites, but did not able to solve my problem.

Timisorean
  • 1,388
  • 7
  • 20
  • 30
Dheeraj
  • 1
  • 1
  • 2
  • For the first approach, did you bother to **read the documentation**, i.e. the javadoc of [`DelegatingPasswordEncoder`](https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/crypto/password/DelegatingPasswordEncoder.html), to know how it even works? --- Do you know what "delegating" means? It means to "hand off" to someone/something else. Since you didn't specify anything else, what did you think it would be delegating to? – Andreas Apr 06 '19 at 20:29
  • Yes I read the document for Delegating password encoder. I tried using the same after suggesting by so many developer on stack overflow. But none of the solution works for me. do you have any solution to fix the same than let me know..? – Dheeraj Apr 06 '19 at 20:35
  • Andreas - This question is asked for Spring 5 security, all the previous questions was out dated, and none of the solution worked. And I already asked question differently, while specifying Spring security5. This is the problem we are facing in Spring 5, not in previous version. So I request you to open this question for other developers to make a insight. – Dheeraj Apr 06 '19 at 20:43
  • You need to show stacktrace for both cases, so we can see where the error actually occur. --- Also, your code is not done the way various examples are showing, e.g. you're not creating the encoder in a `@Bean` method. – Andreas Apr 07 '19 at 03:08

1 Answers1

0

I had the same error message and just solved it.

Your first approach

   PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();

    auth.inMemoryAuthentication()
        .withUser("user")
        .password(encoder.encode("password"))
        .roles("USER");

is only the first step of the solution.

I think you also implemented an AuthorizationServerConfigurerAdapter. And in this adapter implementation, you specified a ClientSecret which caused the error.

clients.inMemory()
        .withClient("ClientIdValue")
        .secret("ClientSecretValue")
        .authorizedGrantTypes("password", "refresh_token")

You should solve the Problem by adding a {noop} or an PasswordEncoder like you did in your approaches.

clients.inMemory()
        .withClient("ClientIdValue")
        .secret("{noop}ClientSecretValue")
        .authorizedGrantTypes("password", "refresh_token")
Dev Moerker
  • 111
  • 6