SHA password encoder with salt not working

**vikas_chess** · Nov 18th, 2012, 03:22 AM

I am stroring SHA encoded password in the database using ShaPasswordEncoder class as shown below:

applicationContext.xml

Code:

	<bean
		class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"
		id="passwordEncoder" />

java code to encrypt password and save into the db

Code:

	@Autowired
	PasswordEncoder passwordEncoder;

        ...

		String encodedPassword = passwordEncoder.encodePassword(
				person.getPassword(), null);
		person.setEncodedPassword(encodedPassword);

                // save person object to db
                ...

now, using password-encoder tag of Spring Security 3.0, I am encrypting password entered by user and then comparing it with the encrypted password stored above.

security-config.xml

Code:

	<authentication-manager>
		<authentication-provider user-service-ref="customUserDetailsService">
		<password-encoder hash="sha" />
	</authentication-provider>

The above scenario is working fine.

But, when I am adding salt then its not working. Please find below the changes:

changes in java code:

Code:

		String encodedPassword = passwordEncoder.encodePassword(
				person.getPassword(), "name"); // where, name is property of Person class

changes in security-config.xml

Code:

	<authentication-manager>
		<authentication-provider user-service-ref="customUserDetailsService">
		<password-encoder hash="sha">
			<salt-source user-property="name" />
		</password-encoder>
	</authentication-provider>

Thread: SHA password encoder with salt not working

Thread Tools

Display

SHA password encoder with salt not working

Posting Permissions