Configuring Spring Boot Security to use BCrypt Password Encryption in Grails 3.0

Question

Configuring Spring Boot Security to use BCrypt Password Encryption in Grails 3.0

In Grails 3.0, how do you determine that Spring Boot Security should use BCrypt to encode a password?

The following lines should contain an idea of what I think should be done (but I basically just guess):

import org.springframework.security.crypto.password.PasswordEncoder import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder PasswordEncoder passwordEncoder passwordEncoder(BCryptPasswordEncoder)

My application loads spring-boot-starter-security as a dependency:

build.gradle

 dependencies { ... compile "org.springframework.boot:spring-boot-starter-security"

And I have a service connected for userDetailsService using:

CONF / spring / resources.groovy

 import com.example.GormUserDetailsService import com.example.SecurityConfig beans = { webSecurityConfiguration(SecurityConfig) userDetailsService(GormUserDetailsService) }

+5

spring-boot spring-security bcrypt grails grails-3.0

Dem pilafian May 27 '15 at 18:54

source share

1 answer

Julian ooi · Accepted Answer · 2015-05-31T15:08:07+0000

I have the following code in grails-app/conf/spring/resources.groovy

 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder beans = { bcryptEncoder(BCryptPasswordEncoder) }

and I have a java file that performs the configuration described in spring-security . It can also be done in groovy, but I did it in java.

 import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; @Configuration @EnableWebMvcSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired BCryptPasswordEncoder bcryptEncoder; @Autowired UserDetailsService myDetailsService @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { // userDetailsService should be changed to your user details service // password encoder being the bean defined in grails-app/conf/spring/resources.groovy auth.userDetailsService(myDetailsService) .passwordEncoder(bcryptEncoder); } }

Configuring Spring Boot Security to use BCrypt Password Encryption in Grails 3.0

More articles: