i am using spring security for login authorization. in my security-config.xml i am using the following code:
<authentication-manager>
<authentication-provider>
<password-encoder hash="md5"/>
<jdbc-user-service data-source-ref="dataSource" users-by-
username-query="SELECT username, password,1 as enabled
FROM users WHERE username=?" authorities-by-
username-query="SELECT username, authority,1 as enabled
FROM users WHERE username =?" />
</authentication-provider>
</authentication-manager>
but in my database i already have an encrypted password using a customized function that is not a pure md5 hash. my question is can i call this function from my security-config.xml instead of
<password-encoder hash="md5"/>
or if there another way?
thank you in advance.
You can register your custom password encoder (create a class that implements PasswordEncoder) which will call your customiwed function.
In your XML, change :
<password-encoder hash="md5"/>
with :
<password-encoder ref="passwordEncoder">
which passwordEncoder is the name of your class/bean implementing PasswordEncoder.