In spring 5 + the encryption type SHA-512 is deprecated. In my API project, I'm using the spring 5+, I have to use SHA-512 as the DB is old type password encryption. My encoder method needs to return a custom class object that encodes to SHA-512 with user email as salt. I'm using a custom user table. Any idea of how to deal with this situation? Thanks for the help guys. My spring security class:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final CustomUserDetailsService customUserDetailsService;
@Autowired
public SecurityConfig(CustomUserDetailsService customUserDetailsService{this.customUserDetailsService=customUserDetailsService;}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/api/**").authenticated()
.and()
.httpBasic()
.and()
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authenticationProvider());
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
authProvider.setUserDetailsService(customUserDetailsService);
authProvider.setPasswordEncoder(encoder());
return authProvider;
}
@Bean
public DelegatingPasswordEncoder encoder() {//what i return here for SHA-512?;}
}