Spring Security not populating database with hashed password -
I'm trying to populate the database with a hashed password and then log in to my application by matching the data I submit through the login form, the way a typical hashed password is supposed to work. I'm using Spring Security and Spring Boot, and as far as I know the login form is working, because I get the error "Encoded password does not look like BCrypt". I also know that saving the user to the database is not working, because I see the plain string in the password column in the database. I'm not sure where I'm going wrong here.
Here's my User object:
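package com.example.objects;

import java.util.HashSet;
import java.util.Set;

import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.Version;

import com.example.security.PasswordCrypto;
import com.example.security.RoleEnum;

// NOTE(review): identifier casing was lost when this page was extracted. It is restored
// here by Java convention; project-local names (UserRole, QuestionAnswerSet,
// RoleEnum.USER) may be cased differently in the real project. String literals are
// reproduced exactly as printed.

/**
 * JPA entity for an application account, mapped to the {@code users} table.
 *
 * <p>The {@code password} field is written to the {@code password} column exactly as it
 * is assigned. Only {@link #createUser(String, String, String)} passes the value through
 * {@code PasswordCrypto}; {@link #setPassword(String)} stores its argument unchanged.
 */
@Entity
@Table(name = "users")
public class User {

    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private long id;

    @Version
    private long version;

    @Column(name = "username")
    private String username;

    // Holds whatever string was assigned; see the class comment.
    @Column(name = "password")
    private String password;

    @Column(name = "email")
    private String email;

    @Column(name = "termsofservice")
    private boolean termsOfService;

    @OneToMany(mappedBy = "user")
    private Set<UserRole> roles;

    @OneToMany(mappedBy = "user", fetch = FetchType.LAZY)
    private Set<QuestionAnswerSet> questionAnswerSet;

    /**
     * Builds a new account with the basic user role and a hashed password.
     *
     * <p>The hash comes from {@code PasswordCrypto.getInstance().encrypt(password)}. As
     * listed on this page, {@code PasswordCrypto} creates itself with {@code new}, so its
     * {@code @Autowired} encoder is never injected and this call fails with a
     * {@code NullPointerException} until that class holds a real encoder.
     *
     * @param username login name
     * @param email    contact address
     * @param password raw password; only its hash is kept on the entity
     * @return the new, not yet persisted, user
     */
    public static User createUser(String username, String email, String password) {
        User user = new User();
        user.username = username;
        user.email = email;
        user.password = PasswordCrypto.getInstance().encrypt(password);

        if (user.roles == null) {
            user.roles = new HashSet<>();
        }
        // Create the new user with basic user privileges.
        user.roles.add(new UserRole(RoleEnum.USER.toString(), user));

        return user;
    }

    public long getId() {
        return id;
    }

    public void setId(long id) {
        this.id = id;
    }

    public long getVersion() {
        return version;
    }

    public void setVersion(long version) {
        this.version = version;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    /** Returns the stored password value, which the login check compares against. */
    public String getPassword() {
        return password;
    }

    /**
     * Stores {@code password} unchanged; no hashing happens here, so callers must pass an
     * already encoded value.
     *
     * <p>NOTE(review): a plain-text value in the password column suggests the entity was
     * filled through this setter (for example by form binding) and saved without going
     * through {@code createUser}. Confirm against the registration controller, which is
     * not shown on this page.
     */
    public void setPassword(String password) {
        this.password = password;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    public boolean getTermsOfService() {
        return termsOfService;
    }

    public void setTermsOfService(boolean termsOfService) {
        this.termsOfService = termsOfService;
    }

    public Set<QuestionAnswerSet> getQuestionAnswerSet() {
        return questionAnswerSet;
    }

    public void setQuestionAnswerSet(Set<QuestionAnswerSet> questionAnswerSet) {
        this.questionAnswerSet = questionAnswerSet;
    }

    public Set<UserRole> getRoles() {
        return roles;
    }

    public void setRoles(Set<UserRole> roles) {
        this.roles = roles;
    }
}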
Here's my security config:
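package com.example.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;

// NOTE(review): identifier casing was lost when this page was extracted and is restored
// here by Java/Spring convention. String literals are reproduced exactly as printed.

/**
 * Web security setup: form login, session-backed CSRF tokens, and BCrypt password
 * verification against the injected {@link UserDetailsService}.
 *
 * <p>{@code WebSecurityConfigurerAdapter} is deprecated from Spring Security 5.7 and
 * removed in 6.0; on those versions the same rules are declared through a
 * {@code SecurityFilterChain} bean.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService customUserDetailsService;

    /**
     * Declares the URL rules: the four listed paths are public, every other request needs
     * an authenticated user, and the login page and logout are open to everyone.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf()
            .csrfTokenRepository(csrfTokenRepository());

        http
            .authorizeRequests()
                .antMatchers("/", "/home", "/register", "/result").permitAll()
                .anyRequest().authenticated();

        http
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }

    /**
     * Wires the user lookup and the password encoder into authentication. The encoder set
     * here is the one that checks the submitted password against the stored value, so the
     * stored value must have been produced by a BCrypt encoder.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(customUserDetailsService)
            .passwordEncoder(passwordEncoder());
    }

    /**
     * Exposes the BCrypt encoder as a bean so registration code can inject the same
     * encoder that login uses.
     *
     * <p>No static cache is kept: Spring already hands out one instance per {@code @Bean}
     * method of a {@code @Configuration} class, and the unsynchronised static field the
     * original used added shared mutable state without changing that.
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** Keeps the CSRF token in the HTTP session under the attribute name {@code _csrf}. */
    private CsrfTokenRepository csrfTokenRepository() {
        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
        repository.setSessionAttributeName("_csrf");
        return repository;
    }
}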
My user details service:
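package com.example.service;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.transaction.Transactional;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import com.example.dao.UserDao;
import com.example.objects.UserRole;

// NOTE(review): identifier casing was lost when this page was extracted and is restored
// here by Java convention (UserDao may be spelled differently in the real project). The
// `for` keyword missing from the role loop is restored as well. String literals,
// including the qualifier value, are reproduced exactly as printed.

/**
 * Loads an account from {@code UserDao} and adapts it to Spring Security's
 * {@link UserDetails}, carrying the stored password value and one authority per role.
 */
@Service
@Qualifier("customuserdetailsservice")
public class CustomUserDetailsService implements UserDetailsService {

    @Autowired
    private UserDao userDao;

    /**
     * Looks up the account for {@code username}.
     *
     * @param username login name submitted by the client
     * @return the user details handed to the authentication provider
     * @throws UsernameNotFoundException if the DAO returns no account. The original
     *         dereferenced the result directly, so an unknown login name surfaced as a
     *         {@code NullPointerException} instead of a failed login.
     */
    @Transactional
    @Override
    public UserDetails loadUserByUsername(final String username) throws UsernameNotFoundException {
        com.example.objects.User user = userDao.findByUsername(username);
        if (user == null) {
            // The message stays generic; by default DaoAuthenticationProvider reports this
            // to the client as bad credentials, which avoids revealing which names exist.
            throw new UsernameNotFoundException("No account found for the supplied username");
        }

        List<GrantedAuthority> authorities = buildUserAuthority(user.getRoles());
        return buildUserForAuthentication(user, authorities);
    }

    /**
     * Wraps the entity in Spring Security's {@code User}. The password passed on is the
     * stored column value, which the configured encoder expects to be a BCrypt hash.
     */
    private User buildUserForAuthentication(com.example.objects.User user,
            List<GrantedAuthority> authorities) {
        return new User(user.getUsername(), user.getPassword(), authorities);
    }

    /** Maps each role name to a {@code SimpleGrantedAuthority}, dropping duplicates. */
    private List<GrantedAuthority> buildUserAuthority(Set<UserRole> userRoles) {
        Set<GrantedAuthority> setAuths = new HashSet<>();

        // Build the user's authorities.
        for (UserRole userRole : userRoles) {
            setAuths.add(new SimpleGrantedAuthority(userRole.getRoleName()));
        }

        return new ArrayList<>(setAuths);
    }
}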
And PasswordCrypto:
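package com.example.security;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// NOTE(review): identifier casing was lost when this page was extracted and is restored
// here by Java convention.

/**
 * Process-wide helper that hashes raw passwords with BCrypt.
 *
 * <p>The original declared the encoder as an {@code @Autowired} field but created the
 * object with {@code new}. Spring only injects into objects it manages, so the field
 * stayed {@code null} and {@link #encrypt(String)} could never produce a hash. The
 * encoder is now created directly. A BCrypt hash carries its own salt and cost, so the
 * {@code BCryptPasswordEncoder} bean used at login can verify hashes made here.
 *
 * <p>The cleaner design is to inject the {@code PasswordEncoder} bean into a
 * Spring-managed service and hash there; this class keeps its existing API for callers
 * such as static factories that cannot receive injection.
 */
public class PasswordCrypto {

    // Created eagerly: class initialisation is thread-safe, unlike the original
    // unsynchronised lazy null check.
    private static final PasswordCrypto INSTANCE = new PasswordCrypto();

    private final PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();

    /** Returns the shared instance. */
    public static PasswordCrypto getInstance() {
        return INSTANCE;
    }

    /**
     * Hashes {@code str} with BCrypt. Despite the method name this is one-way hashing,
     * not encryption: the result cannot be turned back into the raw password.
     *
     * @param str raw password
     * @return the encoded hash to store
     */
    public String encrypt(String str) {
        return passwordEncoder.encode(str);
    }
}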
If anyone knows what I'm doing wrong and can help me out, that would be awesome. Let me know if I need to show any more code. Thanks in advance.
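Use the password encoder in your user repository service. PasswordCrypto is created with `new`, so Spring never injects its @Autowired encoder; inject the PasswordEncoder bean into a Spring-managed service through its constructor and encode the password there before saving: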
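// NOTE(review): identifier casing was lost when this page was extracted and is restored
// here by Java convention; project-local names may be cased differently in the real
// project. String literals are reproduced exactly as printed. This is an excerpt: the
// package, imports and the `logger` field are not shown on the page.

/**
 * Registration service that encodes the password with the injected
 * {@code PasswordEncoder} before the account is saved.
 */
public class UserRepositoryService implements UserService {

    private final PasswordEncoder passwordEncoder;
    private final UserRepository repository;

    /**
     * Constructor injection: Spring supplies the {@code PasswordEncoder} bean, so this
     * service hashes with the same encoder configuration that login verifies against.
     */
    @Autowired
    public UserRepositoryService(PasswordEncoder passwordEncoder, UserRepository repository) {
        this.passwordEncoder = passwordEncoder;
        this.repository = repository;
    }

    /** Returns {@code true} when an account with this email is already stored. */
    private boolean emailExist(String email) {
        return repository.findByEmail(email) != null;
    }

    /**
     * Encodes the form's password for a normal registration.
     *
     * @return the encoded password, or {@code null} when the form is not a normal
     *         registration, in which case no password is stored for the account
     */
    private String encodePassword(RegistrationForm dto) {
        String encodedPassword = null;
        if (dto.isNormalRegistration()) {
            encodedPassword = passwordEncoder.encode(dto.getPassword());
        }
        return encodedPassword;
    }

    /**
     * Creates and saves a new account from the registration form.
     *
     * @param userAccountData submitted registration data
     * @return the saved user
     * @throws DuplicateEmailException if an account with the same email already exists
     */
    @Transactional
    @Override
    public User registerNewUserAccount(RegistrationForm userAccountData) throws DuplicateEmailException {
        // Check-then-save is not atomic: two concurrent registrations can both pass this
        // test, so uniqueness also needs a unique constraint on the email column.
        if (emailExist(userAccountData.getEmail())) {
            // The email address goes into the debug log and the exception message. If
            // that message is shown to the client it confirms which addresses are
            // registered.
            logger.debug("email: {} exists. throwing exception.", userAccountData.getEmail());
            throw new DuplicateEmailException("the email address: " + userAccountData.getEmail() + " in use.");
        }

        // Only the encoded value is handed to the builder; the raw password is never
        // stored.
        String encodedPassword = encodePassword(userAccountData);

        User.Builder user = User.getBuilder()
                .email(userAccountData.getEmail())
                .firstName(userAccountData.getFirstName())
                .lastName(userAccountData.getLastName())
                .password(encodedPassword)
                .background(userAccountData.getBackground())
                .purpose(userAccountData.getPurpose());

        if (userAccountData.isSocialSignIn()) {
            user.signInProvider(userAccountData.getSignInProvider());
        }

        User registered = user.build();
        return repository.save(registered);
    }
}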
For more info, check out the repo.