Oliver Gierke (Migrated from SEC-1212) said:
Trying to use password encryption with salts pretty much conflicts with namespace configuration, as you cannot declare a SaltSource at the authentication-provider element. This forces one to declare the DaoAuthenticationProvider as a standard Spring bean, which is not picked up by an AuthenticationManager created via the namespace. Thus the standard Spring bean configuration mode bubbles up again.
As salting is a very common task to do in combination with encryption, this should kick one out of the namespace config entirely.
Luke Taylor said:
The use of password encoders, with or without a salt source, is already supported in the namespace, as is the addition of a custom authentication provider defined as a Spring bean. Either option is available to you, so there's no question of you being "kicked out" of using namespace configuration if you want to use salted passwords.
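The two options named in the reply above, written out as an added example that is not part of the original thread. It uses Spring Security 2.0-style configuration and assumes the security namespace is bound to the prefix `security`; the `myUserDetailsService` bean is hypothetical.

```xml
<!-- Added example; bean ids and the "security" prefix are assumptions. -->

<!-- Option 1: salted password encoding declared entirely in the namespace.
     salt-source is a child of password-encoder, not of authentication-provider. -->
<security:authentication-provider user-service-ref="myUserDetailsService">
  <security:password-encoder hash="sha">
    <!-- per-user salt taken from the named property of the UserDetails object -->
    <security:salt-source user-property="username"/>
  </security:password-encoder>
</security:authentication-provider>

<!-- Option 2: an explicitly defined provider bean, registered with the
     namespace-created AuthenticationManager through the
     custom-authentication-provider marker element. -->
<bean id="daoAuthenticationProvider"
      class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
  <security:custom-authentication-provider/>
  <property name="userDetailsService" ref="myUserDetailsService"/>
  <property name="passwordEncoder">
    <bean class="org.springframework.security.providers.encoding.ShaPasswordEncoder"/>
  </property>
  <property name="saltSource">
    <bean class="org.springframework.security.providers.dao.salt.ReflectionSaltSource">
      <property name="userPropertyToUse" value="username"/>
    </bean>
  </property>
</bean>
```

Only one of the two definitions is needed in a given application context; both configure the same encoder and the same salt source.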
Oliver Gierke said:
Thanks for the fast reply, Luke. I got it working after diving into the docs once again. Apparently the problem was that the configuration of salting is only contained in the "Getting Started" part (188.8.131.52). The namespace reference in the appendix is somewhat incomplete regarding the authentication-provider element. So maybe you can rebrand this ticket to either create a link to the section where usage of authentication-provider is explained or simply extend the reference for the element.
Version 3.0 will require an explicit declaration of the AuthenticationManager in the namespace, using the authentication-manager element, and the providers will be listed in there (custom-authentication-provider will no longer be supported). See SEC-1196. This overcomes quite a few issues which have resulted as a result of having an internally registered AuthenticationManager. So there will need to be quite a few documentation changes on this front.