Reputation: 331
password change in spring-security.xml
I am new to spring security and having a third party war file which I have deployed in Tomcat Server. The access to the application is being controlled by spring-security.xml.
<beans:beans profile="some.profile">
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
I want to change the default password which I did in the above settings. But I also want to encrypt the password in this xml, so that it is not stored as plain text. I googled this but did not get any answers matching to this problem.Also I don't want to persist in DB as this is just one time.
Upvotes: 0
Views: 1604
Answers (1)
Reputation: 61
Password hash can be used by adding extra parameter "password-encoder". There are some online password hash calculators, it can be used to retrieve hash string (md5, bcrypt or different encoding method) Configuration sample of md5 encryption:
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="b91cd1a54781790beaa2baf741fa6789" authorities="ROLE_USER" />
</user-service>
<password-encoder ref="passwordEncoder" />
</authentication-provider>
</authentication-manager>
<beans:bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/>
Upvotes: 2
Related Questions
- Spring Security: How to change default user and password?
- How to update the password in Spring SecurityContext?
- Changing password using Spring security
- How to Enforce Change Password on User's initial login using Spring Security
- changing password - Spring Security
- Spring Security passepartout password
- Spring Security Password Authentication
- How to handle password change when using Spring Security
- Changing Spring Security configuration
- spring security changing spring_security_login form