CODEWITHSUNDEEP
javaspringhibernatespring-boot
泉泉 占柱
泉泉 占柱

Reputation: 133

How to store hashed password in database?

Here are my register controller and user service. Why can I not store my password in my database?

When I'm using Postman it returns values of the hashed password, but when I check my database it only stores the "email" and the password is null. Why? Should I create another table Password to store them?

package demo2.demo.Controller;

import demo2.demo.data.model.User;
import demo2.demo.data.service.UserService;
import demo2.demo.model.dto.UserDTO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;


@RestController
public class LoginController {

    @Autowired
    private UserService userService;
    @Autowired
    private PasswordEncoder passwordEncoder;

    @PostMapping(path = "/register")
    public User registerNewUser(@RequestBody UserDTO userDTO) {
        User user = new User();
        user.setEmail(userDTO.getEmail());
        user.setPassword(userDTO.getPassword());
        userService.register(user);
        return user;
    }
}

package demo2.demo.data.service;

import demo2.demo.constant.RoleConstant;
import demo2.demo.data.model.User;
import demo2.demo.data.model.UserRole;
import demo2.demo.data.repository.UserRepository;
import demo2.demo.data.repository.UserRoleRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;

@Service
public class UserService {

    @Autowired
    private UserRepository userRepository;
    @Autowired
    private UserRoleRepository userRoleRepository;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

//  find by email
    public User findByEmail(String email) {
        return (User) userRepository.findUserByEmail(email);
    }
//    find by id
    public User findByID(int id) { return userRepository.findById(id).orElse(null);}

//    register
    public void register(User user) {
        try {
            //        hash password
            user.setPassword(passwordEncoder().encode(user.getPassword()));
            //        save user
            userRepository.save(user);
            //        tạo quyền role
            UserRole userRole = new UserRole();
            userRole.setRoleID(RoleConstant.roleUser);
            userRole.setUserID(user.getId());
            userRoleRepository.save(userRole);
        }catch (Exception e) {
            e.getMessage();
        }
    }
}

this is my user_role class

@Entity(name = "dbo_user_role")
public class UserRole {
    @GeneratedValue(strategy = GenerationType.AUTO)
    @Column(name = "user_role_id")
    @Id
    private int id;
    @Column(name = "role_id")
    private int roleID;
    @Column(name = "user_id")
    private int userID;
//  getter&setter

This is role class

@Entity(name = "dbo_role")
public class Role {
    @GeneratedValue(strategy = GenerationType.AUTO)
    @Column(name = "role_id")
    @Id
    private int id;
    private String name;

    @ManyToMany(fetch = FetchType.LAZY,
                cascade = {
                        CascadeType.MERGE,
                        CascadeType.PERSIST
                })
    @JoinTable(name = "dbo_user_role",
                joinColumns = {@JoinColumn(name = "role_id")},
                inverseJoinColumns = {@JoinColumn(name = "user_id")})
// getter&setter

And this is role class

@Entity(name = "dbo_user")
public class User {
    @GeneratedValue(strategy = GenerationType.AUTO)
    @Column(name = "user_id")
    @Id
    private int id;
    private String email;
    @Transient
    private String password;

Upvotes: 1

Views: 825

Answers (1)

Grim
Grim

Reputation: 1974

@Transient avoids the persistence of the password-field.

From https://docs.jboss.org/hibernate/jpa/2.1/api/javax/persistence/Transient.html

Specifies that the property or field is not persistent.

In order to store the contents of the field, remove the @Transient annotation.

Upvotes: 2

Related Questions