Skip to content

Commit

Permalink
Use legacy password encoder
Browse files Browse the repository at this point in the history
  • Loading branch information
@making
making committed Aug 17, 2023
1 parent 6804197 commit ca01884
Showing 1 changed file with 23 additions and 7 deletions.
30 changes: 23 additions & 7 deletions src/main/java/com/example/SecurityConfig.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,16 +4,18 @@
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.crypto.codec.Utf8;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.context.DelegatingSecurityContextRepository;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository;

import java.util.Map;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Objects;

@Configuration
public class SecurityConfig {
Expand All @@ -30,10 +32,24 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http,

@Bean
public PasswordEncoder passwordEncoder() {
String idForEncode = "bcrypt";
DelegatingPasswordEncoder passwordEncoder = new DelegatingPasswordEncoder(idForEncode,
Map.of(idForEncode, new BCryptPasswordEncoder()));
return passwordEncoder;
PasswordEncoder legacyMd5Encoder = new PasswordEncoder() {
@Override
public String encode(CharSequence rawPassword) {
try {
MessageDigest messageDigest = MessageDigest.getInstance("MD5");
return new String(Hex.encode(messageDigest.digest(Utf8.encode(rawPassword))));
}
catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}

@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return Objects.equals(this.encode(rawPassword), encodedPassword);
}
};
return legacyMd5Encoder;
}

@Bean
Expand Down

0 comments on commit ca01884

Please sign in to comment.