
🍃🎓 SPRING CERTIFICATION QUESTION: Does Spring Security support password hashing? What is salting?



💡 Important terms:

A hash function is a function that maps data of arbitrary size to data of fixed size.

A cryptographic hash function is a one-way hash function.

For an ideal hash function, the only way to recreate the input data is a brute-force search.

A salt is additional random data that is passed along with a password to a one-way hash function.

🧑‍🏫 Theory:

Nowadays passwords are not stored in a database as plain-text strings, but are instead stored in hashed form.

The Spring Security framework supports password hashing through the PasswordEncoder interface.

More specifically, the Spring Security documentation recommends using the DelegatingPasswordEncoder implementation, which, depending on the encoded password's prefix, delegates to a concrete PasswordEncoder implementation.

A reference implementation of DelegatingPasswordEncoder is offered by PasswordEncoderFactories.
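The prefix-based delegation and the effect of salting can be observed directly. This is an added example, not code from the original post; it assumes spring-security-crypto is on the classpath, and the class name, helper method and sample password are constructed for illustration.

```java
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

public class PasswordEncodingDemo {

    // Extracts the "{id}" prefix that DelegatingPasswordEncoder uses to pick a delegate.
    static String prefixOf(String encoded) {
        int end = encoded.indexOf('}');
        return (encoded.startsWith("{") && end > 0) ? encoded.substring(0, end + 1) : "";
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        String raw = "correct horse battery staple"; // constructed sample password

        // Encoding the same password twice: each call generates a fresh random salt,
        // so the two stored values differ even though the input is identical.
        String first = encoder.encode(raw);
        String second = encoder.encode(raw);
        System.out.println("delegate prefix : " + prefixOf(first));
        System.out.println("hashes differ   : " + !first.equals(second));

        // Verification re-reads the salt embedded in the stored value,
        // so both encodings still match the raw password.
        System.out.println("first matches   : " + encoder.matches(raw, first));
        System.out.println("second matches  : " + encoder.matches(raw, second));
        System.out.println("wrong password  : " + encoder.matches("guess", first));

        // A legacy record stored with a different prefix is routed to that
        // prefix's encoder; {noop} means the value after the prefix is plain text.
        String legacy = "{noop}" + raw;
        System.out.println("legacy matches  : " + encoder.matches(raw, legacy));

        // upgradeEncoding reports whether a stored value should be re-encoded
        // with the current default the next time the user logs in successfully.
        System.out.println("legacy upgrade? : " + encoder.upgradeEncoding(legacy));
        System.out.println("fresh upgrade?  : " + encoder.upgradeEncoding(first));
    }
}
```

Because the salt travels inside the encoded value, no separate salt column is needed in the user table.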

🧑‍💻 Practice: Encode the Password on Registration👇

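    private PasswordEncoder passwordEncoder;

    public User registerNewUserAccount(UserDto accountDto) throws EmailExistsException {
        if (emailExist(accountDto.getEmail())) {
            throw new EmailExistsException(
                "There is an account with that email address: " + accountDto.getEmail());
        }
        User user = new User();
        // Store only the encoded password; getPassword()/setPassword() are assumed accessors
        user.setPassword(passwordEncoder.encode(accountDto.getPassword()));
        user.setRole(new Role(Integer.valueOf(1), user));
        return user;
    }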



#spring #certificationquestion #vcp

Registration with Spring Security – Password Encoding 👉