I am working with a legacy application that stored passwords in plaintext. I have ported the application to Spring 3 MVC + Security. I have also successfully gotten Spring Security handling the authentication and authorization using SHA-256 + a salt based on the username. This all works great; however, as part of the deployment, I will need to migrate the existing database to use the new password schema. I am not sure how Spring Security does its password hashing with a salt, so I am unable to write a SQL script that can be used to migrate the old plaintext passwords to the new SHA-256 + salt schema. Is there any documentation or resources that I can use to figure this out?
Spring security password hash + salt
7.9k views. Asked by vikash dat.

There are 2 best solutions below

Answer by madth3:
- If you are using the default password encoder then the source seems useful. (Pick the branch appropriate for the version you are using.)
- You can implement your own PasswordEncoder and define the way the salt is used.
This is documented in BasePasswordEncoder:

So in your case you can compute the salted password using this simple code:

Note: ShaPasswordEncoder extends BasePasswordEncoder.
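
The following is an added example, not code from either answer or from Spring Security itself. It reproduces, with JDK classes only, the merge rule of the legacy BasePasswordEncoder (`password{salt}`, or the bare password when the salt is empty) followed by SHA-256 with lowercase hex output, which is what ShaPasswordEncoder(256) produces by default. The class name `LegacyShaMigration` and the sample rows are hypothetical and constructed for illustration; it assumes the username is the salt, as in the question.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.LinkedHashMap;
import java.util.Map;

public class LegacyShaMigration {

    // Merge rule of the legacy BasePasswordEncoder: "password{salt}",
    // or the bare password when the salt is null or empty.
    static String merge(String rawPassword, Object salt) {
        String password = rawPassword == null ? "" : rawPassword;
        if (salt == null || salt.toString().isEmpty()) {
            return password;
        }
        return password + "{" + salt + "}";
    }

    // SHA-256 over the UTF-8 bytes of the merged string, lowercase hex (64 chars).
    static String encode(String rawPassword, Object salt) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] digest = md.digest(merge(rawPassword, salt).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Constant-time comparison of a stored hash with a freshly computed one.
    static boolean matches(String storedHex, String rawPassword, Object salt)
            throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(
                storedHex.getBytes(StandardCharsets.UTF_8),
                encode(rawPassword, salt).getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample rows (username -> legacy plaintext password).
        Map<String, String> legacy = new LinkedHashMap<>();
        legacy.put("alice", "correct horse");
        legacy.put("bob", "p\u00e4ssw\u00f6rd"); // non-ASCII: the byte encoding matters
        for (Map.Entry<String, String> row : legacy.entrySet()) {
            String hash = encode(row.getValue(), row.getKey());
            // A real migration would UPDATE the row here via a PreparedStatement.
            System.out.printf("%s -> %s (verifies: %b)%n",
                    row.getKey(), hash, matches(hash, row.getValue(), row.getKey()));
        }
    }
}
```

The salt passed to `encode` must be byte-for-byte what the configured salt source returns at login (same case, no trimming), otherwise migrated rows will not verify. If the migration is done in SQL instead, the database's string-to-bytes conversion must also be UTF-8 for passwords with non-ASCII characters to match.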