lior
Reputation: 1187
How to configure BCryptPasswordEncoder in security xml
I read every API and documentation of spring security but i cant find how to configure the BCryptPasswordEncoder strength parameter in the spring security bean xml.
trying to do somthing like: BCryptPasswordEncoder(int strength);
My security.xml:
<bean id="bCryptPasswordEncoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
<security:authentication-manager>
<security:authentication-provider
user-service-ref="userDetailsServiceImpl">
<security:password-encoder ref="bCryptPasswordEncoder" />
</security:authentication-provider>
</security:authentication-manager>
Upvotes: 1
Views: 7178
Answers (1)
Rob Winch
Reputation: 21720
For this you would use Spring's constructor dependency injection on the BCryptPasswordEncoder.
<bean id="bCryptPasswordEncoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<constructor-arg value="100"/>
</bean>
<security:authentication-manager>
<security:authentication-provider
user-service-ref="userDetailsServiceImpl">
<security:password-encoder ref="bCryptPasswordEncoder" />
</security:authentication-provider>
</security:authentication-manager>
As of Spring 3.1 you can make this more concise using the c-namespace. For example:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:c="http://www.springframework.org/schema/c"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean id="bCryptPasswordEncoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"
c:strength="100"/>
<security:authentication-manager>
<security:authentication-provider
user-service-ref="userDetailsServiceImpl">
<security:password-encoder ref="bCryptPasswordEncoder" />
</security:authentication-provider>
</security:authentication-manager>
</beans>
You will notice that in this example
- There is a new xmlns:c declaration
- the value after c: in bCryptPasswordEncoder corresponds to the constructor argument name. Alternatively you could use c:_0 to specify the index.
See the previous link for more details on the c-namespace.
Upvotes: 4
Related Questions
- How override the default BCryptPasswordEncoder created through PasswordEncoderFactories?
- Consider defining a bean of type 'org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder' in your configuration
- SecurityConfiguration required bean of type BCryptPasswordEncoder
- Retrieving password salt with BCryptPasswordEncoder in Spring
- Decoding Spring security BCryptPasswordEncoder
- Spring boot bcrypt.BCryptPasswordEncoder and Authentication issue
- BCryptPasswordEncoder Spring Security not defining
- How can decode the password using BCryptPasswordEncoder?
- Spring Security - BcryptPasswordEncoder
- How to add arguments to constructor of BCryptPasswordEncoder to make it stronger?