Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Password encoding with Spring Data REST

Tags:

spring-data-rest

How should I encode automatically the subbmitted plain password field of my entity with Spring Data REST?

I'm using BCrypt encoder and I want to automatically encode the request's password field, when the client send it via POST, PUT and PATCH.

@Entity
public class User {
  @NotNull
  private String username;
  @NotNull
  private String passwordHash;
  ...
  getters/setters/etc
  ...
}

First I tried to solve with @HandleBeforeCreate and @HandleBeforeSave event listeners but the User in it's argument is already merged, so I can't make any difference between the User's new password, or the old passwordHash:

@HandleBeforeSave
protected void onBeforeSave(User user) {
    if (user.getPassword() != null) {
        account.setPassword(passwordEncoder.encode(account.getPassword()));
    }
    super.onBeforeSave(account);
}

Is that possible, to use @Projection and SpEL on a setter method?

like image 512
Plutoz Avatar asked May 15 '15 13:05

Plutoz

2 Answers

You can implement a Jackson JsonDeserializer:

public class BCryptPasswordDeserializer extends JsonDeserializer<String> {

    public String deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException {
        ObjectCodec oc = jsonParser.getCodec();
        JsonNode node = oc.readTree(jsonParser);
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        String encodedPassword = encoder.encode(node.asText());
        return encodedPassword;
    }
}

And apply it to your JPA Entity property:

// The value of the password will always have a length of 
// 60 thanks to BCrypt
@Size(min = 60, max = 60)
@Column(name="password", nullable = false, length = 60)
@JsonDeserialize(using = BCryptPasswordDeserializer.class )
private String password;
like image 117
robgmills Avatar answered Oct 14 '22 00:10

robgmills

Modifying setter method of password field is sufficient, as shown below:

public void setPassword(String password) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        this.password = encoder.encode(password);
    }

Refer: https://github.com/charybr/spring-data-rest-acl/blob/master/bookstore/src/main/java/sample/sdr/auth/bean/UserEntity.java

like image 2
charybr Avatar answered Oct 13 '22 23:10

charybr
Sign in to Comment

Related questions

How to only fetch data owned by an authenticated user in GraphRepository
How to Construct a POST Request Which Expects No Body
Returning JSON as Response Spring Boot
Customize query for paging and sorting in Spring data rest
Force spring data rest to use https scheme
Spring Data REST - difference between @PrePersist and @HandleBeforeCreate?
Spring data rest status 500 for entity with relation
Spring Data Rest - Add link to search endpoint
Spring not loading data even with FetchType.EAGER set
Spring Data REST and custom entity lookup (Provided id of the wrong type)
How to create resource with unique many-to-many relationsships in Spring Data REST?
How to configure Auditing via Java Config in Spring Data (and Spring Data Rest)?
Jackson confused with bidirectional one-to-many relationship : failed to lazily initialize collection
Spring Data Rest - Parameters with default values
Spring Data REST: "no String-argument constructor/factory method to deserialize from String value"
How to remove hypermedia elements from representations produced by Spring Data REST?
Business logic before to save an entity in Spring JPA
Spring boot: How to configure pagination on a @RepositoryRestResource?
Spring Data Rest user repository BCCrypt password
Add link to Spring Data REST Repository resource

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!