I am working on a web application project in Spring Hibernate MVC. I am storing encoded passwords in a database using the Bcrypt algorithm in Spring Security.
Now I want to get that encoded password decoded to deactivate a user account, wherein I am giving the user email and password to verify before the user deactivates the account. I have a problem in getting the decoded password.
Can anyone help me to get out of it or any alternate solution for my requirement?
There's no way to decrypt the password. Alternatively, the one-way password encoder returns the same encrypted string if you call the encoding algorithm with the same password. The authentication can be accomplished by re-encoding the password and checking the current encoded password in the database.
BCrypt algorithm
In this algorithm, the password to be encoded goes through the following steps: The password is first salted, which means a random sequence of characters is added to it. The password is then hashed. The hashing process keeps iterating itself for the specified number of rounds, called the cost factor.
Spring Security supports many password encoders, for both old and modern algorithms. Also, Spring Security provides methods to work with multiple password encodings in the same application.
Bootstrap:

    @Autowired
    private BCryptPasswordEncoder bCryptPasswordEncoder;

    @GetMapping("/test")
    public void fillDatabse() {
        // Hash the raw password; only the BCrypt string is stored.
        String encodedPw = bCryptPasswordEncoder.encode("test");
        Password p = new Password(encodedPw);
    }
The problem is solved by using the below code:

    BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
    encoder.matches(password, user.getPassword());

- password - from form (JSP)
- user.getPassword() - from database

    BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
    // Verify the submitted email and raw password against the stored BCrypt hash.
    if (email.equalsIgnoreCase(user.getEmail()) && encoder.matches(password, user.getPassword())) {
        userService.deactivateUserByID(user.getId());
        redirectAttributes.addFlashAttribute("successmsg", "Your account has been deactivated successfully.");
        model.setViewName("redirect:/logout");
    } else {
        redirectAttributes.addFlashAttribute("errormsg", "Email or Password is incorrect");
        model.setViewName("redirect:/app/profile/deactivate");
    }
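An added example, not part of the original thread: it shows why the stored value is checked with `matches()` rather than by encoding the submitted password again and comparing strings, using the salt and cost factor described earlier on the page. The class name `BcryptVerifyDemo`, the helper `costOf` and the sample password are assumptions made for illustration; it needs `spring-security-crypto` on the classpath, and `upgradeEncoding` requires Spring Security 5.1 or later.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class BcryptVerifyDemo {

    // Hypothetical helper: read the cost factor out of a "$2a$10$<salt><hash>" string.
    static int costOf(String hash) {
        return Integer.parseInt(hash.split("\\$")[2]);
    }

    public static void main(String[] args) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(); // default strength is 10
        String raw = "test"; // constructed sample password

        // Each encode() call draws a fresh random salt, so two encodings of the
        // same password are different strings and cannot be compared with equals().
        String stored = encoder.encode(raw);
        String again = encoder.encode(raw);
        System.out.println("same string:   " + stored.equals(again));

        // matches() re-hashes the candidate with the salt and cost embedded in the
        // stored value, so both hashes verify and a wrong password does not.
        System.out.println("stored ok:     " + encoder.matches(raw, stored));
        System.out.println("again ok:      " + encoder.matches(raw, again));
        System.out.println("wrong pw ok:   " + encoder.matches("Test", stored));

        // The cost travels with the hash, so an encoder configured with a higher
        // strength still verifies old hashes and can flag them for re-hashing
        // the next time the user supplies the correct raw password.
        BCryptPasswordEncoder stronger = new BCryptPasswordEncoder(12);
        System.out.println("stored cost:   " + costOf(stored));
        System.out.println("still ok:      " + stronger.matches(raw, stored));
        System.out.println("needs upgrade: " + stronger.upgradeEncoding(stored));
    }
}
```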