Example usage for org.springframework.security.crypto.factory PasswordEncoderFactories createDelegatingPasswordEncoder

Introduction

In this page you can find the example usage for org.springframework.security.crypto.factory PasswordEncoderFactories createDelegatingPasswordEncoder.

Prototype

@SuppressWarnings("deprecation")
public static PasswordEncoder createDelegatingPasswordEncoder() 

Document

Creates a DelegatingPasswordEncoder with default mappings.

Usage

From source file:org.springframework.security.core.userdetails.User.java

/**
 * <p>
 * <b>WARNING:</b> This method is considered unsafe for production and is only intended
 * for sample applications.
 * </p>
 * <p>
 * Creates a user and automatically encodes the provided password using
 * {@code PasswordEncoderFactories.createDelegatingPasswordEncoder()}. For example:
 * </p>
 *
 * <pre>
 * <code>
 * UserDetails user = User.withDefaultPasswordEncoder()
 *     .username("user")
 *     .password("password")
 *     .roles("USER")
 *     .build();
 * // outputs {bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG
 * System.out.println(user.getPassword());
 * </code>
 * </pre>
 *
 * This is not safe for production (it is intended for getting started experience)
 * because the password "password" is compiled into the source code and then is
 * included in memory at the time of creation. This means there are still ways to
 * recover the plain text password making it unsafe. It does provide a slight
 * improvement to using plain text passwords since the UserDetails password is
 * securely hashed. This means if the UserDetails password is accidentally exposed,
 * the password is securely stored.
 *
 * In a production setting, it is recommended to hash the password ahead of time.
 * For example:
 *
 * <pre>
 * <code>
 * PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
 * // outputs {bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG
 * // remember the password that is printed out and use in the next step
 * System.out.println(encoder.encode("password"));
 * </code>
 * </pre>
 *
 * <pre>
 * <code>
 * UserDetails user = User.withUsername("user")
 *     .password("{bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG")
 *     .roles("USER")
 *     .build();
 * </code>
 * </pre>
 *
 * @return a UserBuilder that automatically encodes the password with the default
 * PasswordEncoder
 * @deprecated Using this method is not considered safe for production, but is
 * acceptable for demos and getting started. For production purposes, ensure the
 * password is encoded externally. See the method Javadoc for additional details.
 * There are no plans to remove this support. It is deprecated to indicate
 * that this is considered insecure for production purposes.
 */
@Deprecated
public static UserBuilder withDefaultPasswordEncoder() {
    logger.warn(
            "User.withDefaultPasswordEncoder() is considered unsafe for production and is only intended for sample applications.");
    PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
    return builder().passwordEncoder(encoder::encode);
}
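
The Javadoc above recommends hashing the password ahead of time. The following is an added example, not code from Spring Security or from this page, showing one way to do that without compiling the plain text password into the source. The class name `EncodePasswordOffline` and the `{noop}` sample value are assumptions made for illustration, and it needs spring-security-crypto on the classpath.

```java
import java.io.Console;
import java.nio.CharBuffer;
import java.util.Arrays;

import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical helper (not part of Spring Security): hashes a password ahead of
// time so that only the encoded value is ever placed in source or configuration.
public class EncodePasswordOffline {

    public static void main(String[] args) {
        Console console = System.console();
        if (console == null) {
            // No interactive terminal: refuse rather than accept the password as a
            // command-line argument, which would end up in shell history.
            System.err.println("Run from an interactive terminal.");
            System.exit(1);
        }
        char[] raw = console.readPassword("Password to encode: ");
        if (raw == null || raw.length == 0) {
            System.err.println("No password entered.");
            System.exit(1);
        }

        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        try {
            // The result starts with "{id}", e.g. "{bcrypt}" as in the Javadoc output
            // above; the delegating encoder uses that id to pick the algorithm later.
            String encoded = encoder.encode(CharBuffer.wrap(raw));
            System.out.println(encoded);

            // Verification needs only the stored value; false means the stored
            // hash already uses the current default encoding.
            System.out.println("matches: " + encoder.matches(CharBuffer.wrap(raw), encoded));
            System.out.println("needs upgrade: " + encoder.upgradeEncoding(encoded));

            // Constructed legacy value: "{noop}" marks a password stored unhashed.
            // It still matches, but is flagged for re-encoding with the default.
            String legacy = "{noop}example-only";
            System.out.println("legacy matches: " + encoder.matches("example-only", legacy));
            System.out.println("legacy needs upgrade: " + encoder.upgradeEncoding(legacy));
        } finally {
            // Overwrite the plain text buffer once it is no longer needed.
            Arrays.fill(raw, '\0');
        }
    }
}
```

The printed `{bcrypt}...` value is what goes into `User.withUsername("user").password(...)` as shown in the Javadoc.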