Reputation: 620
Spring Security 3 + Random Salt
So I understand that you can check a password in Spring Security with salt based on a userDetail property and then hash it to compare to a hash in the database, however what if the salt used when creating each user is random (and is stored in the DB), would I need to create my own userDetails class that contains a salt property and then set that as the field spring security uses to salt with in the securityApplicationContext?
If so how would I go about writing my own userDetails class to accomplish that? Sorry still pretty new to Spring/Java.
Upvotes: 2
Views: 817
Answers (1)
Reputation: 7792
Ok but then how do I tell the securityApplicationContext to use myCustomUserDetails class to store the user instead of the default userDetails class?
Like this:
<b:bean id="customUserDetailsService" class="com.your.company.security.MyUserDetailsService"/>
<s:authentication-provider user-service-ref="customUserDetailsService" />
This goes in your security context.
Also this might help.
Writing a custom UserDetailsService.
Upvotes: 1
Related Questions
- Spring Security : Encrypt password
- Hashing and Salting Passwords with Spring Security 3
- Handling salt with spring security PasswordEncoder
- Implementing hash and salt in Spring 3 security
- Salting a password with spring 3 security
- Spring security password hash + salt
- Spring Security Custom Authentication and Password Encoding
- How Spring encodePassword with salt
- In Spring Security, how does a random salt get properly generated during password comparison?
- Spring Security 3: Salting password issue