Spring Security supports following hashing algorithms :
- plaintext
- sha
- sha-256
- md5
- md4
Required Tools used for this Application:
- Spring MVC 3.0.1
- Spring Security 3.1.0
- STS 2.8.1.RELEASE
- Tomcat 7
- Jdk 1.7
- Jacksum 1.7.0
Popular Tutorials
Password Hashing:
For password hashing, we are incorporating Jacksum 1.7.0, you can download it from here.
After downloading it, execute the below CMD command to generate hash value of the plain text/password, by using the same folder path where you download it ,as follows :
In above my password is "sweetu" after hashing we will get as "22c27ff8a5be6260871523871ee37d0768eb02fc"
when it is "sweety" then we will get as "15eabb8159c574ddb45fea23e853e18bc599ce87".
In original example, password is stored in clear text. As follows.
<security:authentication-manager>
<security:authentication-provider>
<security:password-encoder hash="sha"/>
<security:user-service>
<security:user name="dineshonjava" password="sweety" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
Now, use "jacksum" to hash the password "sweety" with SHA algorithm is "15eabb8159c574ddb45fea23e853e18bc599ce87".
<security:authentication-manager>
<security:authentication-provider>
<security:password-encoder hash="sha"/>
<security:user-service>
<security:user name="dineshonjava"
password="15eabb8159c574ddb45fea23e853e18bc599ce87"
authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
Use this hashed password in sdnext-security.xml as follows :
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http auto-config="true">
<security:intercept-url pattern="/index*" access="ROLE_USER" />
<security:form-login login-page="/login" default-target-url="/index"
authentication-failure-url="/fail2login" />
<security:logout logout-success-url="/logout" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:password-encoder hash="sha"/>
<security:user-service>
<security:user name="dineshonjava" password="15eabb8159c574ddb45fea23e853e18bc599ce87" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
Now rest of the code is same as the previous example no need to discuss every file just look and run the application.
Running the example
Export the example as war and deploy it Tomcat 7 server. While browsing the project you will get the following screen for loging:
Access URL "http://localhost:8080/sdnext/index", Spring will redirect to your custom login form.
URL : http://localhost:8080/sdnext/login
If username/password is correct, then
URL : http://localhost:8080/sdnext/index
Download Source Code-
SpringSecurityPasswordHashing.zip
References-
http://www.dineshonjava.com/2013/02/spring-security-form-based-login-example.html
Spring Security
Spring Security documentation
SHA-1 hashing algorithm
Jacksum Java library
Spring Security Related Posts
- Spring Security Interview Questions and Answers
- Spring Security Java Based Configuration with Example
- Spring Security Hello World Example
- Spring Security form-based login example
- Spring Security Login Form Based Example Using Database
- Spring Security Authentication Example Using HTTP Basic
- Spring Security Authorized Access Control Example
- Spring Security Customized Access Denied Page
- Spring Security Custom Error Message
- Spring Security Logout Example
- Spring Security Fetch Logged in Username