Search
Search

Decode a password before login Spring Boot

Frenk Published at Java
139
Frenk :

I have a login form with spring security jdbc authentication, it works well with normal form submission.

Now i've encrypted the user password on client side with javascript, i use cryptoJs and the encrypted password is submitted to the server, the problem is that i have to decode the password before let spring check the password hash in the database and i can't figure how to do that, i've tried with a custom filter

public class LoginFilter extends UsernamePasswordAuthenticationFilter{

    public LoginFilter(AuthenticationManager auth){
        super.setAuthenticationManager(auth);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException{
        //Decode password
        return super.attemptAuthentication(request, response);
    } 

}

it intercept the request, i can get the password and decode it but i can't pass to the UsernamePasswordAuthenticationFilter, how can i pass to spring the decoded password instead of the encoded submitted by the user? P.S. I'm not using Https and i know that javascript encryption is probably useless

Frenk :

I've found a solution, not sure if it is the best possible but it works, Spring uses a PasswordEncoder object to check that the password typed by the user match the stored (and hashed) password.

I was using a BCryptPasswordEncoder which uses the method matches(rawPass,encodedPass) to check the password, so i've created my own PasswordEncoder in this way

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.jdbcAuthentication()
    .usersByUsernameQuery(USER_QUERY)
    .authoritiesByUsernameQuery(ROLE_QUERY)
    .dataSource(dataSource)
    .passwordEncoder(new PasswordEncoder(){

        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();

        @Override
        public boolean matches(CharSequence rawPassword, String encodedPassword) {

            // Decoding stuff on the encrypted password sended by the client (rawPassword)

            return encoder.matches(decryptedPassword, encodedPassword);
        }

        @Override
        public String encode(CharSequence rawPassword) {
            //Same crypto operation to get the plain password
            return encoder.encode(decryptedPassword);
        }
    });
}

so the client send the encrypted password to the server, the custom PasswordEncoder decrypt it to get back the plain password then pass it to the BCryptPasswordEncoder, Spring security will handle the rest of the authentication process

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at
0

Comments

0 comments
Login to comment

Related

Spring Boot Security with Vaadin Login

Remove "Using default security password" on Spring Boot

Error in finding the password in spring login form

Cannot login with Spring Boot Security

Custom Login Page for Spring Boot + Spring Security

Spring Boot How to check if encoded password from db is matching with password from a form before an update

Java spring boot encrypt admin password before storing it in database?

Spring Boot/ Spring Security, login form, password checking

Spring @Before changing every user login

Password Encoder/Decoder in Spring Boot

Login errors in spring boot: Encoded password does not look like BCrypt

AspectJ before spring boot starts

Spring boot & Spring security always redirect to Login

Decode the Bcrypt encoded password in Spring Security to deactivate user account

Spring Boot console password

Spring Boot Rest Security Basic Auth Password Encoder does not encrypt password on login

Spring-Boot Login without Spring Security

Validating Password and Confirmed Password Spring Boot

ssh message after login but before password

Run command on boot before login

How are Linux boot messages displayed before login

Is ufw loaded at boot before the login screen?

Spring boot login failure

Introduce token login in Spring Boot

Update Password Using Spring Boot and JPA Is Not Working

Match password efficiently in Spring Boot - JPA

Spring boot @PostMapping for login

Spring Boot Password Encoding

Change Password API Spring Boot

TOP Ranking

  1. 1

    pump.io port in URL

  2. 2

    How to import an asset in swift using Bundle.main.path() in a react-native native module

  3. 3

    Failed to listen on localhost:8000 (reason: Cannot assign requested address)

  4. 4

    Inner Loop design for webscrapping

  5. 5

    Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background

  6. 6

    mysql.connector.errors.InterfaceError: 2003: Can't connect to MySQL server on '127.0.0.1:3306' (111 Connection refused)

  7. 7

    Removed zsh, but forgot to change shell back to bash, and now Ubuntu crashes (wsl)

  8. 8

    ggplotly no applicable method for 'plotly_build' applied to an object of class "NULL" if statements

  9. 9

    How to run blender on webserver?

  10. 10

    Resetting Value of <input type="time"> in Firefox

  11. 11

    Converting a class method to a property with a backing field

  12. 12

    Ambiguous use of 'init' with CFStringTransform and Swift 3

  13. 13

    Execute ./script.sh with a crontab

  14. 14

    How to set tab order for array of cluster,where cluster elements have different data types in LabVIEW?

  15. 15

    How to pass data to the ng2-bs3-modal?

  16. 16

    Retrieve Element Tag Value XML Using Bash

  17. 17

    Spring Boot JPA PostgreSQL Web App - Internal Authentication Error

  18. 18

    SQL Server : need add a dot before two last character

  19. 19

    Making Array From Page Elements in jQuery

  20. 20

    Laravel's ORM sync with timestamps doesn't update timestamps

  21. 21

    Do animations stop css changes after animation completion?

HotTag

Archive