Spring Security not populating database with hashed password -

i'm trying populate database hashed password , log in application, matching data i'm submitting through log in form, how typical hashed password suppose work. i'm using spring security , spring boot, , far know log in form working because error encoded password not bcrypt. , know when i'm submitting user database it's not working because see plain string in password column in database. i'm not sure i'm going wrong here.

here's user object

package com.example.objects;  import java.util.hashset; import java.util.set;  import javax.persistence.column; import javax.persistence.entity; import javax.persistence.fetchtype; import javax.persistence.generatedvalue; import javax.persistence.generationtype; import javax.persistence.id; import javax.persistence.onetomany; import javax.persistence.table; import javax.persistence.version;  import com.example.security.passwordcrypto; import com.example.security.roleenum;  @entity @table(name = "users") public class user {  @id @generatedvalue(strategy = generationtype.auto) private long id;  @version private long version;  @column(name = "username") private string username;  @column(name = "password") private string password;  @column(name = "email") private string email;  @column(name = "termsofservice") private boolean termsofservice;  @onetomany(mappedby = "user") private set<userrole> roles;  @onetomany(mappedby = "user", fetch = fetchtype.lazy) private set<questionanswerset> questionanswerset;   public static user createuser(string username, string email, string password) {     user user = new user();      user.username = username;     user.email = email;     user.password = passwordcrypto.getinstance().encrypt(password);      if(user.roles == null) {         user.roles = new hashset<userrole>();     }      //create new user basic user privileges     user.roles.add(             new userrole(                     roleenum.user.tostring(),                     user             ));      return user; }  public long getid() {     return id; }  public void setid(long id) {     this.id = id; }  public long getversion() {     return version; }  public void setversion(long version) {     this.version = version; }  public string getusername() {     return username; }  public void setusername(string username) {     this.username = username; }  public string getpassword() {     return password; }  public void setpassword(string password) {     this.password = password; }  public string getemail() {     return email; }  public void setemail(string email) {     this.email = email; }  public boolean gettermsofservice() {     return termsofservice; }  public void settermsofservice(boolean termsofservice) {     this.termsofservice = termsofservice; }  public set<questionanswerset> getquestionanswerset() {     return questionanswerset; }  public void setquestionanswerset(set<questionanswerset> questionanswerset) {     this.questionanswerset = questionanswerset; }  public set<userrole> getroles() {     return roles; }  public void setroles(set<userrole> roles) {     this.roles = roles; } } 

here's security config

package com.example.security;  import org.springframework.beans.factory.annotation.autowired; import org.springframework.context.annotation.bean; import org.springframework.context.annotation.configuration; import org.springframework.security.config.annotation.authentication.builders.authenticationmanagerbuilder; import org.springframework.security.config.annotation.method.configuration.enableglobalmethodsecurity; import org.springframework.security.config.annotation.web.builders.httpsecurity; import org.springframework.security.config.annotation.web.configuration.enablewebsecurity; import org.springframework.security.config.annotation.web.configuration.websecurityconfigureradapter; import org.springframework.security.core.userdetails.userdetailsservice; import org.springframework.security.crypto.bcrypt.bcryptpasswordencoder; import org.springframework.security.crypto.password.passwordencoder; import org.springframework.security.web.csrf.csrftokenrepository; import org.springframework.security.web.csrf.httpsessioncsrftokenrepository;  @configuration @enablewebsecurity @enableglobalmethodsecurity(prepostenabled = true) public class websecurityconfig extends websecurityconfigureradapter {      private static passwordencoder encoder;      @autowired     private userdetailsservice customuserdetailsservice;      @override     protected void configure(httpsecurity http) throws exception {         http.csrf()         .csrftokenrepository(csrftokenrepository());          http         .authorizerequests()             .antmatchers("/","/home","/register", "/result").permitall()             .anyrequest().authenticated();          http         .formlogin()              .loginpage("/login")                 .permitall()                 .and()              .logout()                 .permitall();      }      @override     protected void configure(authenticationmanagerbuilder auth) throws exception {         auth.userdetailsservice(customuserdetailsservice)                 .passwordencoder(passwordencoder());     }      @bean     public passwordencoder passwordencoder() {         if(encoder == null) {             encoder = new bcryptpasswordencoder();         }          return encoder;     }      private csrftokenrepository csrftokenrepository()      {          httpsessioncsrftokenrepository repository = new httpsessioncsrftokenrepository();          repository.setsessionattributename("_csrf");         return repository;      } } 

my user detail service

package com.example.service;

import java.util.arraylist; import java.util.hashset; import java.util.list; import java.util.set;  import javax.transaction.transactional;  import org.springframework.beans.factory.annotation.autowired; import org.springframework.beans.factory.annotation.qualifier; import org.springframework.security.core.grantedauthority; import org.springframework.security.core.authority.simplegrantedauthority; import org.springframework.security.core.userdetails.user; import org.springframework.security.core.userdetails.userdetails; import org.springframework.security.core.userdetails.userdetailsservice; import org.springframework.security.core.userdetails.usernamenotfoundexception; import org.springframework.stereotype.service;  import com.example.dao.userdao; import com.example.objects.userrole;  @service @qualifier("customuserdetailsservice") public class customuserdetailsservice implements userdetailsservice {      @autowired     private userdao userdao;      @transactional     @override     public userdetails loaduserbyusername(final string username)             throws usernamenotfoundexception {          com.example.objects.user user = userdao.findbyusername(username);         list<grantedauthority> authorities = builduserauthority(user.getroles());          return builduserforauthentication(user, authorities);      }      private user builduserforauthentication(com.example.objects.user user,                                             list<grantedauthority> authorities) {         return new user(user.getusername(), user.getpassword(), authorities);     }      private list<grantedauthority> builduserauthority(set<userrole> userroles) {          set<grantedauthority> setauths = new hashset<grantedauthority>();          // build user's authorities         (userrole userrole : userroles) {             setauths.add(new simplegrantedauthority(userrole.getrolename()));         }          return new arraylist<grantedauthority>(setauths);     } } 

and passwordcrypto

package com.example.security;  import org.springframework.beans.factory.annotation.autowired; import org.springframework.security.crypto.password.passwordencoder;  public class passwordcrypto {      @autowired     private passwordencoder passwordencoder;      private static passwordcrypto instance;      public static passwordcrypto getinstance() {         if(instance == null) {             instance = new passwordcrypto();         }          return instance;     }      public string encrypt(string str) {         return passwordencoder.encode(str);     } } 

if knows i'm doing wrong , me out, awesome, let me know if need show anymore code. in advance.

use encoder user repository :

public class userrepositoryservice implements userservice {     private passwordencoder passwordencoder;      private userrepository repository;      @autowired     public userrepositoryservice(passwordencoder passwordencoder,             userrepository repository) {         this.passwordencoder = passwordencoder;         this.repository = repository;     }      private boolean emailexist(string email) {         user user = repository.findbyemail(email);         if (user != null) {             return true;         }         return false;     }      private string encodepassword(registrationform dto) {         string encodedpassword = null;         if (dto.isnormalregistration()) {             encodedpassword = passwordencoder.encode(dto.getpassword());         }          return encodedpassword;     }      @transactional     @override     public user registernewuseraccount(registrationform useraccountdata)             throws duplicateemailexception {         if (emailexist(useraccountdata.getemail())) {             logger.debug("email: {} exists. throwing exception.",                     useraccountdata.getemail());             throw new duplicateemailexception("the email address: "                     + useraccountdata.getemail() + " in use.");         }         string encodedpassword = encodepassword(useraccountdata);          user.builder user = user.getbuilder().email(useraccountdata.getemail())                 .firstname(useraccountdata.getfirstname())                 .lastname(useraccountdata.getlastname())                 .password(encodedpassword)                 .background(useraccountdata.getbackground())                 .purpose(useraccountdata.getpurpose());          if (useraccountdata.issocialsignin()) {             user.signinprovider(useraccountdata.getsigninprovider());         }         user registered = user.build();         return repository.save(registered);     } } 

for morre info, check out repo

https://bitbucket.org/sulab/biobranch/src/992791aa706d0016de8634ebb6347a81fe952c24/src/main/java/org/scripps/branch/entity/user.java?at=default&fileviewer=file-view-default