4

I would like to know whether Spring / Spring Security provides a means to encrypt / decrypt a password.

The scenario would basically be to encrypt the password and store it in the DB, and perform user authentication against it on login.

4
  • 3
    Generally, passwords should be hashed rather than encrypted and decrypted. You compare the hashes to see whether the user-entered value is correct. Commented Jan 19, 2012 at 14:34
  • @rich.okelly Can you provide any example in that direction? Commented Jan 19, 2012 at 14:41
  • SO can help here - see stackoverflow.com/questions/326699/… Commented Jan 19, 2012 at 14:44
  • Stored passwords should be hashed and salted. There should be no reasonable way to reconstruct the original password from the contents of the DB; all you need to be able to do is verify the entered password matches. Commented Dec 2, 2014 at 11:37

3 Answers

3

Take a look at the PasswordEncoder.

http://static.springsource.org/spring-security/site/docs/3.0.x/reference/core-services.html


6 Comments

+1 for Spring Security. Also take a look at integrating Jasypt for the actual encoding - stackoverflow.com/a/3771336/114340
But this would help in encoding the password; how can I decode the password? It's part of my requirement.
You do not decode the password. You save the hash of the user's password in your DB. To verify the user's password you compute the hash of the user's input again with the same hash algorithm and then compare the stored hash value against the calculated hash value.
Yes, that's right, but I have to decode the password in the scenario when I want to connect to a database, the password of which is present in an encoded form.
Is it user passwords or database passwords that you want to encrypt? User passwords should not be decryptable.
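
The hash-and-compare flow described in the comments above, as an added example that is not part of the original answers or comments. It uses the `PasswordEncoder` interface from `spring-security-crypto` (Spring Security 3.1 and later, which is newer than the 3.0.x reference linked above); the class name, the in-memory map standing in for the users table, and the sample users are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example: requires spring-security-crypto (Spring Security 3.1+) on the classpath.
// The Map stands in for the users table; class and user names are hypothetical.
public class PasswordHashDemo {
    private final PasswordEncoder encoder = new BCryptPasswordEncoder(12); // cost factor 12
    private final Map<String, String> userTable = new HashMap<>();        // username -> bcrypt hash
    // Hash checked for unknown users so both code paths cost one bcrypt run.
    private final String dummyHash = encoder.encode("constructed-dummy-value");

    public void register(String username, String rawPassword) {
        // encode() generates a fresh random salt and embeds it in the returned string,
        // so there is no separate salt column and nothing to decrypt later.
        userTable.put(username, encoder.encode(rawPassword));
    }

    public boolean authenticate(String username, String rawPassword) {
        String stored = userTable.get(username);
        if (stored == null) {
            encoder.matches(rawPassword, dummyHash); // equalise timing, ignore the result
            return false;
        }
        // matches() re-hashes the input with the salt read from 'stored' and compares.
        return encoder.matches(rawPassword, stored);
    }

    public static void main(String[] args) {
        PasswordHashDemo demo = new PasswordHashDemo();
        demo.register("alice", "correct horse battery staple"); // constructed sample data
        demo.register("bob", "correct horse battery staple");

        System.out.println("alice, right password: "
                + demo.authenticate("alice", "correct horse battery staple"));
        System.out.println("alice, wrong password: "
                + demo.authenticate("alice", "wrong guess"));
        System.out.println("unknown user:          "
                + demo.authenticate("mallory", "anything"));
        // Same password, different salts: the two stored values are not equal.
        System.out.println("alice and bob share a stored hash: "
                + demo.userTable.get("alice").equals(demo.userTable.get("bob")));
    }
}
```

The stored string carries the algorithm version, cost factor and salt alongside the hash, which is why verification needs only the stored value and the submitted password.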
3

Jasypt is a library that simplifies encryption. You can find a number of examples of Spring-based password encoders in "Integrating Jasypt with Spring Security 2.x or 3.x (or Acegi 1.x)". Here are other tutorials: http://blog.teamextension.com/quick-jasypt-spring-3-tutorial-626 http://chrislovecnm.com/2011/06/16/encrypting-spring-3-java-based-configurations-values-with-jasypt/

1 Comment

These are just links to the documentation, which could break. Care to elaborate a bit? Show one of the examples in your answer? Otherwise, your answer will likely be removed, as we have a serious problem with link rot.
0

For securing access to a database, LDAP or other resources, nowadays you can use Spring Boot Cloud CLI for password encryption and decryption:

$ spring encrypt mysecret --key foo
682bc583f4641835fa2db009355293665d2647dade3375c0ee201de2a49f7bda

$ spring decrypt --key foo 682bc583f4641835fa2db009355293665d2647dade3375c0ee201de2a49f7bda
mysecret

Later you can use these passwords in Spring Cloud Config.
