1
1
.
.
5
5
.
.
1
1
N
N
o
o
O
O
p
p
e
e
r
r
a
a
t
t
i
i
o
o
n
n
I
I
n
n
f
f
o
o
[
[
G
G
]
]
No Operation Password Encoder doesn't actually encode Password at all.
Instead it leaves it as it is in its original String format.
But when you have Passwords that are not encoded you need to specify this encoder so that Spring would know how to
properly read the Passwords (that is without decoding it).
E
E
x
x
a
a
m
m
p
p
l
l
e
e
In this tutorial User is defined inside application.properties and Password is not encoded.
Therefore we are using No Operation Password Encoder to indicate that Stored Password is not Encoded.
But "/EncodePassword" Endpoint is still included for easier comparison with other Password Encoders.
Inside the Controller we have added "/EncodePassword" Endpoint which you can use to encode other Passwords.
Inside WebSecurityConfig.java we have allowed Anonymous Access to this Endpoint.
If you want to use another password
● Start Application
○ call Endpoint http://localhost:8080/EncodePassword?password=anotherpassword
○ copy result into application.properties under spring.security.user.password
● Restart Application
○ try to access http://localhost:8080/Hello
○ in the Login Form type anotherpassword
Application Schema [Results]
Spring Boot Starters
GROUP
DEPENDENCY
DESCRIPTION
Web
Spring Web
Enables @Controller, @RequestMapping and Tomcat Server
Security
Spring Security
Enables Spring Security
http://localhost:8080/EncodePassword
?password=mypassword
Tomcat
Browser
MyController
http://localhost:8080/Hello
hello()
encodePassword()
WebSecurityConfig
P
P
r
r
o
o
c
c
e
e
d
d
u
u
r
r
e
e
Create Project: springbott_security_passwordencoders_ldap (add Spring Boot Starters from the table)
Edit File: application.properties (add Role, User, Password)
Create Package: controllers (inside main package)
– Create Class: MyController.java (inside package controllers)
Create Package: config (inside main package)
– Create Class: WebSecurityConfig.java (inside package config)
application.properties
# SECURITY
spring.security.user.name = myuser
spring.security.user.password = mypassword
spring.security.user.roles = USER
MyController.java
package com.ivoronline.springbott_security_passwordencoders_noop.controllers;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
public class MyController {
@ResponseBody
@RequestMapping("/EncodePassword")
public String encodePassword(@RequestParam String password) {
//GET PASSWORD ENCODER
PasswordEncoder passwordEncoder = NoOpPasswordEncoder.getInstance();
//ENCODE PASSWORD
String encodedPassword = passwordEncoder.encode(password);
//RETURN ENCODED PASSWORD
return encodedPassword;
}
@ResponseBody
@RequestMapping("/Hello")
public String hello() {
return "Hello from Controller";
}
}
WebSecurityConfig.java
package com.ivoronline.springbott_security_passwordencoders_noop.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
//====================================================================
// PASSWORD ENCODER
//====================================================================
@Bean
PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
//====================================================================
// CONFIGURE
//====================================================================
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.authorizeRequests().antMatchers("/EncodePassword").permitAll(); //Anonymouse Access
httpSecurity.authorizeRequests().anyRequest().authenticated(); //Authenticated Access
httpSecurity.formLogin(); //Default Logn Form
}
}
R
R
e
e
s
s
u
u
l
l
t
t
s
s
http://localhost:8080/Hello
You get redirected to http://localhost:8080/login
– Username: myuser
– Password: mypassword
– Sign in
You get redirected to http://localhost:8080/Hello
http://localhost:8080/login http://localhost:8080/Hello
http://localhost:8080/EncodePassword?password=mypassword (if you want to encode another Password)
Application Structure
pom.xml
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies>
