Spring Database Security Authentication with Hibernate and Password Hashing?

Question

Spring Database Security Authentication with Hibernate and Password Hashing?

I am trying to configure spring security 3 to authenticate users with my hibernate 3 database. I only store the sha1 hashes of passwords in the database (not plain text).

I looked over this and this one , which says that I am implementing my own UserDetailsService. Unfortunately, UserDetails, which loads the name loadUserByUsername, seems to require a plaintext password, which I don't have.

How is this usually handled? Can spring Security really do what I need here? Did I miss something?

+3

authentication spring-security passwords hibernate hash

Seth Apr 27 '10 at 21:59

source share

2 answers

Normaly Userdetails contains a hashed password, and you just need to configure Spring Security to use the correct encoder to authenticate with it.

 <password-encoder hash="md5"/>

" " @Spring Security 3 Hibernate.

:

<password-encoder hash="sha"/>

+2

Kdeveloper 28 . '10 9:16

dube · Accepted Answer · 2010-04-28T07:39:27+0000

When you set up UserDetailsService, spring uses this to load users and then compares them with login data. This means that it compares passwords. However, you can configure a password encoder: Doc: add a password encoder

or just write your own AuthenticationManager or AuthenticationProvider , which loads the user and decides if the user has successfully registered. Just implement the AuthenticationProvider interfaces and configure

<authentication-manager>
  <authentication-provider ref="myAuthenticationProvider"/>
</authentication-manager>

<bean id="myAuthenticationProvider"
  class="stackoverflow.SuperduperMegaAuthenticationProvider">
</bean>

Spring Database Security Authentication with Hibernate and Password Hashing?

More articles: