Password Management With PasswordEncoder#

Default Password Validation In Spring Security#

  • By default, Spring Security uses the username from the user's input credentials to load the UserDetails from the database. It then compares the password from the input with the password stored in the database; if the two match, the user is authenticated.


Encode - Encrypt - Hash#

  • Encoding is not used for security; it is used to transform data so that it can be consumed properly. Encoding and decoding are easy, because you only need to know the encoding scheme. Two popular types of encoding are URL encoding and Base64 encoding.
  • Encryption is part of security. Its goal is to ensure that data can only be consumed by the valid recipient, who uses a key/password to decrypt it (reverse the encryption). Remember that the key/password has to be kept secret. The two main types of data encryption are asymmetric encryption and symmetric encryption.
    • Symmetric encryption is a type of encryption where a single secret symmetric key is used both to encrypt the plaintext and to decrypt the ciphertext. Some common symmetric encryption methods are AES (Advanced Encryption Standard), 3DES (Triple Data Encryption Standard) and Twofish.
    • Asymmetric encryption, also known as public-key cryptography, encrypts and decrypts the data using two separate cryptographic keys, known as a public key and a private key. Some common asymmetric encryption methods are RSA (named after computer scientists Ron Rivest, Adi Shamir and Leonard Adleman) and PKI (public key infrastructure).
  • Hashing is part of security. It is used to ensure data integrity, and the result is commonly referred to as a checksum or signature. In other words, if some part of the data is changed, you can detect that it changed. We will cover data integrity with HMAC (hash-based message authentication code) in another post.
    • A salt is random data used as an additional input to a one-way function that hashes data, a password or a passphrase; salts are used to safeguard passwords in storage.
    • There are a huge number of widely accepted hashing algorithms available for general use, for example MD5, SHA1, SHA224, SHA256 and SHA512.
  • See details in the topics below:
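The load-by-username-then-compare flow described above, together with the salted-hash point from the hashing section, as an added example that is not part of the original post. It assumes spring-security-crypto is on the classpath; the in-memory map, the usernames and the passwords are constructed stand-ins for a real user table.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import java.util.HashMap;
import java.util.Map;

public class PasswordEncoderDemo {
    // Stand-in for the user table (constructed for this demo): username -> stored hash.
    private static final Map<String, String> USERS = new HashMap<>();

    // Registration side: the raw password is never stored, only encoder.encode(raw).
    static void register(PasswordEncoder encoder, String username, String rawPassword) {
        USERS.put(username, encoder.encode(rawPassword));
    }

    // Login side: what DaoAuthenticationProvider does once UserDetailsService has
    // loaded the user by username. matches() re-hashes the candidate with the salt
    // embedded in the stored value and compares the results.
    static boolean authenticate(PasswordEncoder encoder, String username, String rawPassword) {
        String stored = USERS.get(username);
        if (stored == null) {
            return false; // unknown user (Spring runs a dummy matches() here so timing does not leak existence)
        }
        return encoder.matches(rawPassword, stored);
    }

    public static void main(String[] args) {
        // Strength 10 means 2^10 bcrypt rounds; unlike plain MD5/SHA, bcrypt is deliberately slow.
        PasswordEncoder bcrypt = new BCryptPasswordEncoder(10);
        register(bcrypt, "alice", "correct horse battery staple");
        register(bcrypt, "bob", "correct horse battery staple");

        // Same raw password, two different hashes: encode() draws a fresh random salt each
        // time and stores it inside the "$2a$10$..." string next to the hash.
        System.out.println("alice: " + USERS.get("alice"));
        System.out.println("bob:   " + USERS.get("bob"));
        System.out.println("hashes differ: " + !USERS.get("alice").equals(USERS.get("bob")));

        System.out.println("alice, right password: " + authenticate(bcrypt, "alice", "correct horse battery staple"));
        System.out.println("alice, wrong password: " + authenticate(bcrypt, "alice", "password123"));
        System.out.println("unknown user:          " + authenticate(bcrypt, "nobody", "anything"));

        // Spring Security's default encoder prefixes the algorithm id, e.g. "{bcrypt}$2a$10$...",
        // so the stored value itself says how it must be verified (and can be migrated later).
        PasswordEncoder delegating = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        String tagged = delegating.encode("correct horse battery staple");
        System.out.println("tagged: " + tagged + " verifies: " + delegating.matches("correct horse battery staple", tagged));
    }
}
```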

Definition Of PasswordEncoder#

Example With BCryptPasswordEncoder#

Summary#

References#