Password Encoding Problem like, something, created, problem

amy

So i am using SpringSec for a short time now and it works fine. The only problem i have, is that i am doing something wrong trying to encode User-Passwords.

I have a method that uses the 'ShaPasswordEncoder' to encrypt the passwords for new users. The method executes when a new User is created. it looks like:

Code:
ShaPasswordEncoder enc = new ShaPasswordEncoder();

...

public String encrypt(String pwd){
String encodedPwd = enc.encodePassword(pwd, null);
return encodedPwd;
}
But when i try to log into my application i got the credentials error message. I must be missing something here, but i don't know what! My security configuration looks like:

Code:
lt;security:authentication-managergt;   lt;security:authentication-providergt;   lt;security:password-encoder hash=quot;shaquot;/gt;     lt;security:jdbc-user-service data-source-ref=quot;securityDataSourcequot;/gt;   lt;/security:authentication-providergt; lt;/security:authentication-managergt;
The way i see it both strings are represented in different ways so that they don't match.
Any help is appreciated.

regards pascal

Hi

I am newbie to spring but this worked for meCode:
lt;beans:bean id=quot;passwordEncoderquot; class=quot;org..security.authentication.encoding.ShaPasswordEncoderquot;gt;    lt;beans:constructor-arg value=quot;256quot;/gt;
lt;/beans:beangt;

lt;bean id=quot;myBeanquot; class=quot;com.abc.service.myBean_Implquot;gt;   lt;property name=quot;passwordEncoderquot; ref=quot;passwordEncoderquot;/gt;
lt;/beangt;

passwordEncoder.encodePassword(quot;passwordquot;, null)
hope this helps.
cheers

yeah i have tried something similar. i have defined a bean:Code:
lt;bean id=quot;passwordEncoderquot; class=quot;org..security.authentication.encoding.ShaPasswordEncoderquot;gt;    lt;constructor-arg value=quot;256quot;/gt;
lt;/beangt;
this bean is loaded via ApplicationContext:

Code:
FileSystemXmlApplicationContext ctx= new FileSystemXmlApplicationContext(quot;/admotional/AA/applicationContext.xmlquot;);

PasswordEncoder passwordEncoder = (PasswordEncoder) ctx.getBean(quot;passwordEncoderquot;);
and then i call the encryptPassword-method:Code:
String encodedPwd = passwordEncoder.encodePassword(pwd, null);
and in my security.xml i have defined a password-encoder for the login:Code:
lt;security:password-encoder hash=quot;sha-256quot;/gt;
The thing i don't get is that i use sha-256 for both authentication and for encrypting the password. Before i encountered this problem i would have sworn that if i do that there won't be any problem.

Have you checked the database values? Perhaps there is case-change issue.

This is a common issue and is almost always due to the data being wrong in some way. Write a test that uses you authentication configuration and use a debugger to check why the comparison fails.