Password Encoder in Spring Security

Spring Security’s servlet support includes storing passwords securely by integrating with PasswordEncoder. You can customize the PasswordEncoder implementation used by Spring Security by exposing a PasswordEncoder Bean. A sample code is given below.

@Configuration
@EnableWebMvc
@ComponentScan("com")
public class MyAppConfig {
    
    @Bean
    PasswordEncoder getPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }
    
}

@EnableWebSecurity
public class MySecurityAppConfig extends WebSecurityConfigurerAdapter {
    
    @Autowired
    private PasswordEncoder passwordEncoder;
    
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
        .withUser("gfg")
        .password("$2a$10$F5rzmMmNJcgwqTXmcro1eOeATecEUDsPM8WjKtF8Qx46RFDjlmCSW") // Original Password is "gfg123"
        .roles("admin");
    }
        
}

Note: We are going to use BCryptPasswordEncoder in this article.

Spring Security is a framework that allows a programmer to use JEE components to set security limitations on Spring-framework-based Web applications. In a nutshell, it’s a library that can be utilized and customized to suit the demands of the programmer. Because it is a part of the same Spring family as Spring Web MVC, it works well together. The most significant benefit of this framework is that it is both strong and very adaptable. Although it adheres to Spring’s set-up conventions, programmers may select between default provisions and modify them to their specific requirements. Read more on Spring Security and its Features in this article Introduction to Spring Security and its Features.