Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-1466: authentication-provider should reject child password-encoder element when used with ref attribute #1706

Closed
spring-issuemaster opened this issue Apr 24, 2010 · 0 comments

Comments

@spring-issuemaster
Copy link

@spring-issuemaster spring-issuemaster commented Apr 24, 2010

Nes Yarug (Migrated from SEC-1466) said:

Basically want to achieve the following (as was natural to me from reading the documentation and trying to adapt to my own situation):

<beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
<beans:constructor-arg value="256"/>
/beans:bean
<beans:bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource">
<beans:property name="userPropertyToUse" value="username"/>
/beans:bean
<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService" />
<beans:property name="userCache">
<beans:bean class="org.springframework.security.core.userdetails.cache.EhCacheBasedUserCache">
<beans:property name="cache" ref="userCache" />
/beans:bean
/beans:property
/beans:bean

The above resulted in a null saltSource for daoAuthenticationProvider (but not a null passwordEncoder).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.