Authentication not working with password Encoder

**binoz** · Jan 18th, 2011, 11:44 AM

<security:authentication-manager alias="authenticationManager" >

<security:authentication-provider user-service-ref="customUserDetailsService">

<security

assword-encoder hash="md5"/>

</security:authentication-provider>

</security:authentication-manager>

----------------

I am not able to authenticate with md5 password encoding. When I remove encoding I am able to authenticate the credentials.

I am using Spring version 3.0.5 and Spring Security version 3.0.5. Also using JDK 1.6.

Thanks in Advance

**Luke Taylor** · Jan 18th, 2011, 11:52 AM

Given what you've said, the most likely explanation is that the passwords aren't MD5-encoded in your user data store.

**binoz** · Jan 18th, 2011, 12:00 PM

I do have my password encoded to MD5.
this string for "password"
5F4DCC3B5AA765D61D8327DEB882CF99

When I change the value of password in database to string "password" and
remove this attribute
<security

assword-encoder hash="md5"/>

I am fine.

This same code was working with version 2.x. this was my attempt to migrate to version 3.x

Thanks for you prompt reply.

**Luke Taylor** · Jan 18th, 2011, 12:07 PM

Ok, you didn't mention anything about changing the password to plaintext.

Write a test case which uses the AuthenticationProvider and step through it in a debugger to see why the authentication is failing. It may just be a case sensitivity issue, for example.

**binoz** · Jan 18th, 2011, 12:14 PM

Here is some more details.
StackTrace dump for Exception.

SEVERE: org.springframework.security.authentication.BadCre dentialsException: Bad credentials
at org.springframework.security.authentication.dao.Da oAuthenticationProvider.additionalAuthenticationCh ecks(DaoAuthenticationProvider.java:71)
at org.springframework.security.authentication.dao.Ab stractUserDetailsAuthenticationProvider.authentica te(AbstractUserDetailsAuthenticationProvider.java: 146)

-bino

**Luke Taylor** · Jan 18th, 2011, 12:21 PM

As I said, step through the code in a debugger. And try converting the hash to lower case.

**binoz** · Jan 18th, 2011, 12:23 PM

You are right
The encoding was not in lower case. It is working now.

Thanks for your help.

-Bino

**Luke Taylor** · Jan 18th, 2011, 12:28 PM

Did you look at the values in the debugger?

And did you try it with a lower case hash value?

Thread: Authentication not working with password Encoder

Thread Tools

Display

Authentication not working with password Encoder

Tags for this Thread

Posting Permissions