Tags: spring-security, password-encryption, sha512, password-hash, ssha

SSHA512 Encryption and matches with spring 5


I am implementing Spring Security with the existing LDAP where the passwords are SSHA512 encoded. The deprecated LdapShaEncoder supports only {SHA} and {SSHA}.

Can anyone help me implement a Java SSHA512 encoder along with Spring Security? Or are there any libraries which can do the job?

import org.springframework.security.crypto.password.LdapShaPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Bean
public PasswordEncoder passwordEncoder() {
    return new LdapShaPasswordEncoder();
}

Exception:

java.lang.IllegalArgumentException: Unsupported password prefix '{SSHA512}'
    at org.springframework.security.crypto.password.LdapShaPasswordEncoder.matches(LdapShaPasswordEncoder.java:173) ~[spring-security-core-5.1.3.RELEASE.jar:5.1.3.RELEASE]
    at org.springframework.security.crypto.password.LdapShaPasswordEncoder.matches(LdapShaPasswordEncoder.java:158) ~[spring-security-core-5.1.3.RELEASE.jar:5.1.3.RELEASE]
    at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:90) ~[spring-security-core-5.1.3.RELEASE.jar:5.1.3.RELEASE]
    at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:166) ~[spring-security-core-5.1.3.RELEASE.jar:5.1.3.RELEASE]

Solution

  • Have a look here: https://github.com/lathspell/java_test/tree/master/java_test_openldap
    I basically just exchanged SHA for SHA-512 in MessageDigest.getInstance() and adjusted the prefix and length constants.