I have a legacy application that we are rewriting and I am in the process of converting the existing user table. The passwords were encrypted by using SHA-1 with a salt. Specifically, salt+password. For example, if the salt is ABC123 and the password is XYZ789 then the string that would be encrypted is ABC123XYZ789. Spring Security by default encrypts the String XYZ789{ABC123}. How do I implement my own password encrypt/validation to bypass Spring Security's default encryption?
I can post my security xml but everything is working if I update the hashed password with the password{salt} encrypted.
Thanks for your help!
Subclass ShaPasswordEncoder and override the mergePasswordAndSalt(String, Object, boolean) method. You can see here how it is originally implemented. Just modify the string concatenation part, and you are done.
Then, provide your own passwordEncoder like this:
<beans:bean
    id="passwordEncoder"
    class="my.awesome.package.MyAwesomeShaPasswordEncoder"/>
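The subclass described in the answer above, written out as an added example (not code from the original answer or from Spring Security itself). It assumes Spring Security 3.x, where `ShaPasswordEncoder` lives in `org.springframework.security.authentication.encoding`, and that the legacy table stores lowercase hex SHA-1 digests of the UTF-8 bytes; the `main` method uses the salt and password from the question as constructed sample values.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import org.springframework.security.authentication.encoding.ShaPasswordEncoder;

// Added example. Declare it in the package that the passwordEncoder bean's
// class attribute points to.
public class MyAwesomeShaPasswordEncoder extends ShaPasswordEncoder {

    public MyAwesomeShaPasswordEncoder() {
        super(1); // strength 1 = SHA-1, matching the legacy hashes
    }

    // The default implementation returns password + "{" + salt + "}".
    // The legacy table hashed salt + password, so only the concatenation changes.
    @Override
    protected String mergePasswordAndSalt(String password, Object salt, boolean strict) {
        String pw = (password == null) ? "" : password;
        if (salt == null || salt.toString().isEmpty()) {
            return pw; // unsalted rows hash the bare password
        }
        // No '{' / '}' check on the salt: braces are not delimiters in this format.
        return salt.toString() + pw;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, taken from the question's example.
        String salt = "ABC123";
        String password = "XYZ789";

        // Compute the legacy hash independently of Spring: SHA-1(salt + password).
        byte[] digest = MessageDigest.getInstance("SHA-1")
                .digest((salt + password).getBytes(StandardCharsets.UTF_8));
        String legacyHash = String.format("%040x", new BigInteger(1, digest));

        MyAwesomeShaPasswordEncoder encoder = new MyAwesomeShaPasswordEncoder();
        // An unmodified legacy row validates; a wrong password does not.
        System.out.println("legacy row valid:  "
                + encoder.isPasswordValid(legacyHash, password, salt));
        System.out.println("wrong pw rejected: "
                + !encoder.isPasswordValid(legacyHash, "wrong", salt));
    }
}
```

Salted SHA-1 is a fast hash, so an encoder like this is best treated as a compatibility bridge: validate the legacy row on login, then re-hash the password with an adaptive algorithm such as bcrypt.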