🍃🎓 SPRING CERTIFICATION QUESTION: Does Spring Security support password hashing? What is salting?
Answer:
💡 Important terms:
Hash function is a function which maps data of arbitrary size to data of fixed size.
Cryptographic hash function is a one-way hash function: computing the hash is cheap, but recovering the input from the hash is designed to be computationally infeasible.
The only way to recreate the input of an ideal one-way hash function is a brute-force search over candidate inputs.
Salt is additional random data, generated per password and stored next to the hash, which is passed along with the password to the one-way hash function. Because the salt differs per user, two users with the same password get different hashes, and an attacker cannot reuse a precomputed table of hashes (a rainbow table) against the whole database.
🧑🏫 Theory:
Nowadays passwords are not stored in a database as plain-text strings, but in a hashed (and salted) form, so that a database leak does not directly reveal user passwords.
Spring Security supports password hashing through the PasswordEncoder interface, whose two essential methods are encode(rawPassword) and matches(rawPassword, encodedPassword).
More specifically, the Spring Security documentation recommends the DelegatingPasswordEncoder implementation,
which, depending on the encoded password's prefix (for example {bcrypt} or {argon2}), delegates to a concrete PasswordEncoder implementation. This lets an application verify hashes produced by older algorithms while encoding new passwords with the current one.
A reference DelegatingPasswordEncoder is offered by PasswordEncoderFactories.createDelegatingPasswordEncoder(), which encodes with bcrypt by default; bcrypt generates a random salt for every call and embeds it in the resulting hash, so the application never has to manage salts itself.
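The following is an added example (not code from the original post or from the Spring project) showing the behaviour described above: the same password encoded twice yields two different {bcrypt} hashes because of the per-call salt, both still verify with matches(), and a legacy hash with a different prefix is recognised as needing an upgrade. The password string is a constructed sample; the class name PasswordHashingDemo is an assumption.

```java
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example (assumed class name), not part of the original post.
public class PasswordHashingDemo {

    // Reference DelegatingPasswordEncoder: encodes with bcrypt by default and
    // picks the encoder for verification from the "{id}" prefix of the stored value.
    private static final PasswordEncoder ENCODER =
            PasswordEncoderFactories.createDelegatingPasswordEncoder();

    // Returns true when the same raw password produces two distinct hashes,
    // which is exactly what a per-password random salt guarantees.
    static boolean saltingMakesHashesDiffer(String rawPassword) {
        String hash1 = ENCODER.encode(rawPassword);
        String hash2 = ENCODER.encode(rawPassword);
        // Both values look like "{bcrypt}$2a$10$<22-char salt><31-char hash>";
        // the salt is stored inside the hash, so no separate salt column is needed.
        return !hash1.equals(hash2)
                && ENCODER.matches(rawPassword, hash1)
                && ENCODER.matches(rawPassword, hash2)
                && !ENCODER.matches("not the password", hash1);
    }

    // A stored value with a non-default prefix (here {noop}, a plain-text "encoder"
    // that the factory registers for legacy data) still verifies through delegation,
    // but upgradeEncoding() reports that it should be re-hashed with the default.
    static boolean legacyHashNeedsUpgrade() {
        String legacyStored = "{noop}constructed-legacy-secret"; // constructed sample
        return ENCODER.matches("constructed-legacy-secret", legacyStored)
                && ENCODER.upgradeEncoding(legacyStored)
                && !ENCODER.upgradeEncoding(ENCODER.encode("fresh-secret"));
    }

    public static void main(String[] args) {
        String rawPassword = "correct horse battery staple"; // constructed sample
        System.out.println(ENCODER.encode(rawPassword));
        System.out.println("salted hashes differ: " + saltingMakesHashesDiffer(rawPassword));
        System.out.println("legacy hash flagged for upgrade: " + legacyHashNeedsUpgrade());
    }
}
```

Run it with spring-security-crypto on the classpath. A practitioner's check: if two registrations with the same password ever produce identical stored values, the encoder in use is not salting, and a leaked database would let an attacker crack every account sharing a password at once.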
🧑💻 Practice: Encode the Password on Registration👇
@Autowired
private PasswordEncoder passwordEncoder; // the DelegatingPasswordEncoder bean configured for the application

@Autowired
private UserRepository repository; // repository type assumed; the original snippet only shows the field being used

@Override
public User registerNewUserAccount(UserDto accountDto) throws EmailExistsException {
    if (emailExist(accountDto.getEmail())) {
        throw new EmailExistsException(
                "There is an account with that email address: " + accountDto.getEmail());
    }
    User user = new User();
    user.setFirstName(accountDto.getFirstName());
    user.setLastName(accountDto.getLastName());
    // Never persist the raw password: encode() salts and hashes it, and the
    // prefixed result (e.g. {bcrypt}...) is what gets stored.
    user.setPassword(passwordEncoder.encode(accountDto.getPassword()));
    user.setEmail(accountDto.getEmail());
    user.setRole(new Role(Integer.valueOf(1), user));
    return repository.save(user);
}
#spring #certificationquestion #vcp
Registration with Spring Security – Password Encoding 👉 https://www.baeldung.com/spring-security-registration-password-encoding-bcrypt