1

I am configuring Spring Security for the first time, but it seems Spring can't see my client's raw password as I am getting this error.

o.s.s.c.bcrypt.BCryptPasswordEncoder : Empty encoded password

It seems like an obvious problem, but permit me, I just can't figure it our after many attempts. My SecurityConfig class is ... 

@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

@Autowired
CustomUserDetailsService userDetailsService;
@Autowired
BCryptPasswordEncoder bCryptPasswordEncoder;

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {  auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
}

}

This is my UserServiceDetails Service.

public class CustomUserDetailsService implements UserDetailsService {

@Autowired
private UserRepository repo;


@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

    Optional<Owner> optionalUser = repo.findByUsername(username);
    optionalUser
        .orElseThrow(() -> new UsernameNotFoundException("Username not 
found"));

    return optionalUser
        .map(CustomUserDetails::new).get();
    }
}

I do also have the following bean configured

public class WebMvcConfig implements WebMvcConfigurer {

@Bean
public BCryptPasswordEncoder passwordEncoder() {
    BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
    return bCryptPasswordEncoder;
}

} This is my userService.

public class CustomUserDetails extends Owner implements UserDetails {

public CustomUserDetails(final Owner owner) {
    super();
}

@Override
public Collection<? extends GrantedAuthority> getAuthorities() {

    return getRoles().stream()
        .map(role -> new SimpleGrantedAuthority("ROLE_"+getRoles()))
        .collect(Collectors.toList());

}

@Override
public boolean isAccountNonExpired() {
    return true;
}

@Override
public boolean isAccountNonLocked() {
    return true;
}

@Override
public boolean isCredentialsNonExpired() {
    return true;
}

@Override
public boolean isEnabled() {
    return true;
}

}

I surely must be missing something, but I can't seem to figure it out. From HttpRequest, I know that the password is being posted to the System, as I logged.

Improve this question
7
  • can you post your UserDetailService? Commented Nov 22, 2018 at 21:17
  • Did you use BCEncoder to encode the password when you persist it? Commented Nov 23, 2018 at 3:19
  • @AokoQin, I used BCrypt to Persist the password, and and got 6 character hash password in the database. Commented Nov 23, 2018 at 7:12
  • @IntegralMaster,6?Is there a length limit for password in db?It should be 60. Commented Nov 23, 2018 at 7:15
  • @slimane I have it posted, did u mean UserService? I have just edited and posted that as well. Commented Nov 23, 2018 at 7:16

1 Answer 1

Reset to default
2

I found out that the OptionalUser is not mapping correctly into the UserDetail object, thereby returning a new and empty UserDetail object. the following code is wrong.

return optionalUser
    .map(CustomUserDetails::new).get();
 }

So I my new UserDetailsService class is ...

@Service
public class CustomUserDetailsService implements UserDetailsService {

@Autowired
private UserRepository repo;

@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException 
{

    Optional<Owner> optionalUser = repo.findByUsername(username);
    Owner user = optionalUser.get();

    return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), getAuthorities(user));
}
public Collection<? extends GrantedAuthority> getAuthorities(Owner user) {

    return user.getRoles().stream()
        .map(role -> new SimpleGrantedAuthority("ROLE_"+user.getRoles()))
        .collect(Collectors.toList());
}
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.