Spring Security 3.1 Adding Salt to Password using BCryptPasswordEncoder and JSF 2.0

In the last post, we used StandardPasswordEncoder for encoding our password. In this tutorial we will use BCryptPasswordEncoder for encoding. This provides more security, and you can even specify the strength (by default it is 10). In this post we are using the default configuration; we will see the custom configuration in the next post.

First, there is no change in jsfspring-sec-security-config.xml from our last post. Similarly, there is no change in databasePasswordEncrypter.

The only change is in jsfspring-sec-bean-config.xml, where we replace StandardPasswordEncoder with BCryptPasswordEncoder.

jsfspring-sec-bean-config.xml

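<?xml version="1.0" encoding="UTF-8"?>
<!--
  Bean configuration for the JSF 2.0 + Spring Security 3.1 sample.
  Compared with the previous post, the only intended change is the
  passwordEncoder bean, which now uses BCryptPasswordEncoder. Everything
  else (data source, JDBC user service, remember-me beans, one-time
  password migration bean) is unchanged.
-->
<beans:beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns:sec="http://www.springframework.org/schema/security"
	xsi:schemaLocation="
	   http://www.springframework.org/schema/beans
	   http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
	   http://www.springframework.org/schema/security
	   http://www.springframework.org/schema/security/spring-security-3.1.xsd"
	   >

	<!-- Session-scoped JSF navigation helper. -->
	<beans:bean id="navigator" name="navigator" class="com.mumz.jsfspringsec.beans.Navigator" scope="session">
	</beans:bean>

	<!-- Prototype login backing bean; authenticationManager is defined in jsfspring-sec-security-config.xml. -->
	<beans:bean id="loginBean" name="loginBean" class="com.mumz.jsfspringsec.beans.LoginBean" scope="prototype">
		<beans:property name="authenticationManager" ref="authenticationManager"></beans:property>
		<beans:property name="rememberMeServices" ref="rememberMeServices"></beans:property>
		<beans:property name="userDetailsService" ref="customjdbcUserService"></beans:property>
	</beans:bean>

	<!--
	  Demo data source. The credentials below are hard-coded for the tutorial
	  only: in a real deployment externalize them (e.g. a property placeholder
	  read from the environment) and use a dedicated, least-privileged database
	  account instead of root.
	-->
	<beans:bean id="dataSource"
		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
		<beans:property name="driverClassName" value="com.mysql.jdbc.Driver" />
		<beans:property name="url" value="jdbc:mysql://localhost:3306/jsf-spring-security" />
		<beans:property name="username" value="root" />
		<beans:property name="password" value="root" />
	</beans:bean>

	<!--
	  JDBC-backed UserDetailsService. Authorities come from group membership
	  (enableGroups=true, enableAuthorities=false). Every query takes the
	  username as a JDBC bind parameter (?), so user input is never spliced
	  into the SQL text.
	-->
	<beans:bean id="customjdbcUserService" class="com.mumz.jsfspringsec.dao.CustomJDBCDaoImpl">
		<beans:property name="dataSource" ref="dataSource"/>
		<beans:property name="enableAuthorities" value="false"/>
		<beans:property name="enableGroups" value="true"></beans:property>
		<beans:property name="usersByUsernameQuery">
			<beans:value>SELECT JSF_SPRING_SEC_USERS_USERNAME, JSF_SPRING_SEC_USERS_PASSWORD, JSF_SPRING_SEC_USERS_ENABLED FROM JSF_SPRING_SEC_USERS WHERE JSF_SPRING_SEC_USERS_USERNAME = ?</beans:value>
		</beans:property>
		<beans:property name="authoritiesByUsernameQuery">
			<beans:value>
				 SELECT JSF_SPRING_SEC_ROLES_USERNAME,JSF_SPRING_SEC_ROLES_ROLE_NAME from JSF_SPRING_SEC_ROLES where JSF_SPRING_SEC_ROLES_USERNAME = ?
			</beans:value>
		</beans:property>
		<beans:property name="groupAuthoritiesByUsernameQuery">
			<beans:value>
				SELECT
						GROUPDTLS.JSF_SPRING_GROUPS_GROUP_ID,
						GROUPDTLS.JSF_SPRING_GROUPS_GROUP_NAME,
						GROUPPERMISSION.JSF_SPRING_SEC_GROUP_AUTHORITIES_AUTHORITY
				FROM
						JSF_SPRING_GROUPS GROUPDTLS,
						JSF_SPRING_SEC_GROUP_AUTHORITIES GROUPPERMISSION,
						JSF_SPRING_SEC_GROUP_MEMBERS GROUPMEMBERS,
						JSF_SPRING_SEC_USERS USERS
				WHERE
						USERS.JSF_SPRING_SEC_USERS_USERNAME = ? AND
						GROUPMEMBERS.JSF_SPRING_SEC_GROUP_MEMBERS_USER_ID = USERS.PK_JSF_SPRING_SEC_USERS AND
						GROUPMEMBERS.JSF_SPRING_SEC_GROUP_MEMBERS_GROUP_ID = GROUPDTLS.JSF_SPRING_GROUPS_GROUP_ID AND
						GROUPPERMISSION.JSF_SPRING_SEC_GROUP_AUTHORITIES_GROUP_ID = GROUPDTLS.JSF_SPRING_GROUPS_GROUP_ID
			</beans:value>
		</beans:property>
	</beans:bean>

	<!--
	  Remember-me cookie issuer. "key" is the server-side secret mixed into the
	  remember-me token hash; a short, guessable value like the one below is
	  fine for a tutorial but should be a long random string in production,
	  and it must match the key on rememberMeAuthenticationProvider.
	  alwaysRemember=true issues the cookie on every login without asking the
	  user; tokenValiditySeconds=60 keeps the demo cookie valid for one minute.
	-->
	<beans:bean id="rememberMeServices"
		class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
		<beans:property name="key" value="jsfspring-sec" />
		<beans:property	name="userDetailsService" ref="customjdbcUserService" />
		<beans:property	name="alwaysRemember" value="true" />
		<beans:property	name="tokenValiditySeconds" value="60" />
	</beans:bean>

	<!-- Validates remember-me tokens; key must equal rememberMeServices.key. -->
	<beans:bean id="rememberMeAuthenticationProvider"
		class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
		<beans:property name="key" value="jsfspring-sec"/>
	</beans:bean>

	<beans:bean id="rememberMeFilter"
		class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
		<beans:property name="rememberMeServices" ref="rememberMeServices"/>
		<beans:property name="authenticationManager" ref="authenticationManager" />
	</beans:bean>

	<!--
	  The change this post is about: BCrypt instead of StandardPasswordEncoder.
	  BCryptPasswordEncoder generates a random salt per password and embeds it
	  in the stored hash, so no separate salt column or SaltSource is needed.
	  Default strength (log rounds) is 10; a custom strength is covered in the
	  next post. Hashes produced by the previous encoder are not compatible,
	  hence the advice to reset the database before re-running the sample.
	-->
	<beans:bean class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" id="passwordEncoder">
	</beans:bean>

	<!--
	  One-time migration run at startup (init-method): selects users whose
	  ENCRYPTED flag is empty or NULL, hashes their stored password with
	  passwordEncoder and marks the row ENCRYPTED='YES'. This assumes those
	  rows still hold plaintext passwords, which is why the database must be
	  reset before running again. Note that "||" in the select query is MySQL's
	  logical OR under the default SQL mode, not string concatenation.
	-->
	<beans:bean id="databasePasswordEncrypter" class="com.mumz.jsfspringsec.dao.security.DBPasswordEncrypterBean" init-method="encryptDBPassword" depends-on="dataSource">
		<beans:property name="passwordEncoder" ref="passwordEncoder"></beans:property>
		<beans:property name="dataSource" ref="dataSource"></beans:property>
		<beans:property name="selectQuery">
			<beans:value>SELECT JSF_SPRING_SEC_USERS_USERNAME, JSF_SPRING_SEC_USERS_PASSWORD, JSF_SPRING_SEC_USERS_ENCRYPTED FROM JSF_SPRING_SEC_USERS WHERE (JSF_SPRING_SEC_USERS_ENCRYPTED='' || JSF_SPRING_SEC_USERS_ENCRYPTED IS NULL)</beans:value>
		</beans:property>
		<beans:property name="updateQuery">
			<beans:value>UPDATE JSF_SPRING_SEC_USERS SET JSF_SPRING_SEC_USERS_PASSWORD = ?, JSF_SPRING_SEC_USERS_ENCRYPTED='YES' WHERE JSF_SPRING_SEC_USERS_USERNAME = ? </beans:value>
		</beans:property>
	</beans:bean>
</beans:beans>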

That’s all. Remember to clean your database before re-running this example, since passwords already hashed by the previous encoder will not verify with BCrypt.

There are 3 comments

  1. melek ozel

    Hello
    I think there’s a problem with this

    should be like this as you configure in your next post

    How can you make sure that this app is using bcrypt?

    In DBPasswordEncrypterBean what class does passwordEncoder belong to?
    In spring security xml how should configuration be regarding authentication-provider ,password encoder ref?
    In application xml how should configuration be regarding databasePasswordEncrypter entry? because there s another reference to passwordencoder

    good post btw and been very helpful

  2. melek ozel

    Blog does not let me copy-paste the xml file. I meant this

    org.springframework.security.crypto.password.StandardPasswordEncoder” id=”passwordEncoder
    lass=”org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder” id=”passwordEncoder”>
