DEV Community: Vadym Dudnyk The latest articles on DEV Community by Vadym Dudnyk (@vadym_dudnyk). https://dev.to/vadym_dudnyk https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F65979%2Fc713ad71-dd70-4913-93a8-01d87f89b1c0.jpg DEV Community: Vadym Dudnyk https://dev.to/vadym_dudnyk en Password encoder in Spring Boot 2 Vadym Dudnyk Sat, 16 Jun 2018 18:48:28 +0000 https://dev.to/vadym_dudnyk/password-encoder-in-spring-boot-2-1cjh https://dev.to/vadym_dudnyk/password-encoder-in-spring-boot-2-1cjh <p>Hi, Since Spring boot 2.x there was a few changes in Spring Security, so, I will show you how to encode passwords in Spring boot 2 (which comes with new Spring Security 5).</p> <p>Most important change: </p> <p><code>DelegatingPasswordEncoder</code> it's the new default password encoder (which not tie you to a specific encoder implementation, like <code>BcryptPasswordEncoder</code>)</p> <p><code>NoOpPasswordEncoder</code> is considered as deprecated now.</p> <ul> <li>How to create password encoder bean:</li> </ul> <div class="highlight"><pre class="highlight java"><code> <span class="nd">@Bean</span> <span class="kd">public</span> <span class="n">PasswordEncoder</span> <span class="nf">passwordEncoder</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="n">PasswordEncoderFactories</span><span class="o">.</span><span class="na">createDelegatingPasswordEncoder</span><span class="o">();</span> <span class="o">}</span> </code></pre></div> <ul> <li>How to encode a password (Bcrypt implementation will be used underneath):</li> </ul> <div class="highlight"><pre class="highlight java"><code> <span class="n">String</span> <span class="n">encodedPassword</span> <span class="o">=</span> <span class="n">passwordEncoder</span><span class="o">.</span><span class="na">encode</span><span class="o">(</span><span class="n">rawPassword</span><span class="o">);</span> </code></pre></div> <ul> <li>How the encoded password looks like:</li> </ul> <p><code>{bcrypt}$2a$10$GJpYuiP0cDOcE.WRlctpHOC1ROz35m9jCJ5BXFoMgnzkUjsxc6yHS</code><br> Where '{bcrypt}' determines which encoder used for encoding.</p> <ul> <li>How to check if raw password matches encoded:</li> </ul> <div class="highlight"><pre class="highlight java"><code> <span class="k">if</span> <span class="o">(!</span><span class="n">passwordEncoder</span><span class="o">.</span><span class="na">matches</span><span class="o">(</span><span class="n">rawPassword</span><span class="o">,</span> <span class="n">encodedPassword</span><span class="o">))</span> <span class="o">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">BadCredentialsException</span><span class="o">(</span><span class="s">"Bad password"</span><span class="o">);</span> <span class="o">}</span> </code></pre></div> spring java springboot2