java spring-boot rest spring-security

Encrypt password coming from application.properties


How can I encrypt a password coming from application.properties?

spring:
  security:
    user:
      name: bob
      password: alice

Spring security authentication:

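import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class BasicAuthConfig {

    // Require authentication for every request and accept HTTP Basic credentials.
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeRequests(authorize -> authorize
                .anyRequest().authenticated()
            )
            .httpBasic();

        return http.build();
    }

    //TODO: Not working
    //@Bean
    //public PasswordEncoder passwordEncoder() {
    //    return new BCryptPasswordEncoder(10);
    //}

}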

I assume passwordEncoder() is called and encrypts the password. (EDIT: If not, how can I access the properties password so I can call the passwordEncoder explicitly?) But when I try to make a basic authentication request using the raw password (bob:alice), it doesn't work.

I'm getting 401 and the Spring log is: Encoded password does not look like BCrypt.

How can I encrypt my password and also allow clients to make requests with raw credentials?


Solution

  • Keep the PasswordEncoder bean, and put in properties the password encoded by your encoder (not the raw password).

    So in your case, something like this:

    spring:
      security:
        user:
          name: bob
          password: $2a$10$2T4wM24pGyHuLj12SI/rC.C1gkg4mLGTuzTse3choIVIOtlgsWmPC
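
One way to produce the value that goes into the properties file, as an added example that is not part of the original answer. The class name `PropertyPasswordHasher` and the shape-check regex are assumptions made for illustration; the strength of 10 matches the `BCryptPasswordEncoder(10)` bean from the question.

```java
import java.io.Console;
import java.nio.CharBuffer;
import java.util.Arrays;
import java.util.regex.Pattern;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/** Hypothetical helper: prints a BCrypt hash to use as spring.security.user.password. */
public class PropertyPasswordHasher {

    // Same strength as the PasswordEncoder bean in the question.
    private static final int STRENGTH = 10;

    // Shape of a BCrypt string: version, two-digit cost, 53 chars of salt + digest.
    private static final Pattern BCRYPT =
            Pattern.compile("\\$2[aby]?\\$\\d\\d\\$[./0-9A-Za-z]{53}");

    static boolean looksLikeBcrypt(String value) {
        return BCRYPT.matcher(value).matches();
    }

    static String hash(char[] raw) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(STRENGTH);
        String encoded = encoder.encode(CharBuffer.wrap(raw));
        // Self-check: the stored value must verify against the raw password,
        // exactly as it will when a client sends bob:<raw password>.
        if (!looksLikeBcrypt(encoded) || !encoder.matches(CharBuffer.wrap(raw), encoded)) {
            throw new IllegalStateException("generated hash failed verification");
        }
        return encoded;
    }

    public static void main(String[] args) {
        Console console = System.console();
        if (console == null) {
            System.err.println("Run from an interactive terminal.");
            System.exit(1);
        }
        // Read without echo instead of taking the password as a command-line argument.
        char[] raw = console.readPassword("Password to hash: ");
        try {
            System.out.println("password: " + hash(raw));
            // The raw value from the question is not a hash, hence the log message.
            System.out.println("\"alice\" looks like BCrypt: " + looksLikeBcrypt("alice"));
        } finally {
            Arrays.fill(raw, '\0'); // clear the raw password from memory
        }
    }
}
```

Clients keep sending the raw password over HTTP Basic; only the stored value changes. Each run prints a different hash for the same password because BCrypt generates a fresh salt, and any of them verifies.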