I am pulling my hair out because of this. I have a simple user object like this
@Entity
public class User {
private static final PasswordEncoder pwEncoder = new BCryptPasswordEncoder();
@Id
@GeneratedValue
private long id;
@NotNull(message = "FIELD_IS_NULL")
@NotEmpty(message = "FIELD_IS_REQUIRED")
@Length(min = 3, message = "FIELD_MUST_HAVE_AT_LEAST_3_CHARACTERS")
private String username;
@NotNull(message = "FIELD_IS_NULL")
@NotEmpty(message = "FIELD_IS_REQUIRED")
@Length(min = 6, message = "FIELD_MUST_HAVE_AT_LEAST_6_CHARACTERS")
@Pattern(regexp = "^(?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).{6,128}$", message="PW_MIN_6_MAX_128_1_UPPER_1_LOWER_1_NUMERIC")
private String password;
public User(String username, String password){
this.username = username;
this.password = pwEncoder.encode(password);
}
}
This works fine except that password hashing occurs before any verification, which means that the hashed password is verified instead of unashged.
I use the PagingAndSortingRepository
repository for all my needs, and I would really like to avoid the implementation of the controller just for this case.
I feel like I am missing something really big ...
source
share