CODEWITHSUNDEEP
spring-bootspring-security
Mr Ajay
Mr Ajay

Reputation: 439

Retrieve plain password from database from Spring security without decrypting

I have a requirement where I need to store plain text password from a application I downloaded a project

from git hub https://github.com/bezkoder/spring-boot-spring-security-jwt-authentication .It is getting

stored in the database as plain text which is what I want as per my tweak where I remove encoding(My

requirement).The problem occurs when I signin using the username and password.I am not able to find where

password is getting decrypted and checked.The login fails with a message Login failed:

Error: Unauthorized.

In the logs I see:

Unauthorized error: Bad credentials

o.s.s.c.bcrypt.BCryptPasswordEncoder : Encoded password does not look like BCrypt

I know where it is throwing exception

Authentication authentication = authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword()));

How to read plain text password from database using the above code.

Upvotes: 0

Views: 538

Answers (1)

Simon Martinelli
Simon Martinelli

Reputation: 36163

It' in the class WebSecurityConfig on line 50 to 52:

@Bean
public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}

If you really need plain text password then you can use

@Bean
public PasswordEncoder passwordEncoder() {
    return new NoOpPasswordEncoder();
}

But this will be highly unsave.

Upvotes: 1

Related Questions