Registration with PasswordEncoding

spring-security-login-and-registration/src/main/java/org/baeldung/event/OnRegistrationCompleteEvent.java

@@ -3,9 +3,7 @@
 import java.util.Locale;
 
 import org.baeldung.persistence.model.User;
-import org.baeldung.web.controller.RegistrationController;
 import org.springframework.context.ApplicationEvent;
-import org.springframework.web.context.request.WebRequest;
 
 @SuppressWarnings("serial")
 public class OnRegistrationCompleteEvent extends ApplicationEvent {

spring-security-login-and-registration/src/main/java/org/baeldung/event/listener/RegistrationListener.java

@@ -32,7 +32,7 @@ private void confirmRegistration(OnRegistrationCompleteEvent event) {
         User user = event.getUser();
         String token = UUID.randomUUID().toString();
         service.createVerificationTokenForUser(user, token);
-        
+
         String recipientAddress = user.getEmail();
         String subject = "Registration Confirmation";
         String confirmationUrl = event.getAppUrl() + "/regitrationConfirm.html?token=" + token;

spring-security-login-and-registration/src/main/java/org/baeldung/hashing/HashGenerator.java

@@ -0,0 +1,12 @@
+package org.baeldung.hashing;
+
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+public class HashGenerator {
+
+    public String getHashedPassword(String password) {
+        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+        String hashedPassword = passwordEncoder.encode(password);
+        return hashedPassword;
+    }
+}

spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/Role.java

@@ -1,7 +1,6 @@
 package org.baeldung.persistence.model;
 
 import javax.persistence.CascadeType;
-import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
@@ -23,7 +22,6 @@ public class Role {
     @JoinColumn(name = "user_id")
     private User user;
 
-    @Column(name = "role")
     private Integer role;
 
     public Role() {

spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/VerificationToken.java

@@ -3,7 +3,6 @@
 import java.util.Calendar;
 import java.sql.Date;
 import java.sql.Timestamp;
-
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;

spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/UserService.java

@@ -2,6 +2,7 @@
 
 import javax.transaction.Transactional;
 
+import org.baeldung.hashing.HashGenerator;
 import org.baeldung.persistence.dao.UserRepository;
 import org.baeldung.persistence.dao.VerificationTokenRepository;
 import org.baeldung.persistence.model.Role;
@@ -20,7 +21,8 @@ public class UserService implements IUserService {
     @Autowired
     private VerificationTokenRepository tokenRepository;
 
-    // API
+    @Autowired
+    private HashGenerator hashGenerator;
 
     @Override
     public User registerNewUserAccount(UserDto accountDto) throws EmailExistsException {
@@ -30,7 +32,8 @@ public User registerNewUserAccount(UserDto accountDto) throws EmailExistsExcepti
         User user = new User();
         user.setFirstName(accountDto.getFirstName());
         user.setLastName(accountDto.getLastName());
-        user.setPassword(accountDto.getPassword());
+        String hashedPassword = hashGenerator.getHashedPassword(accountDto.getPassword());
+        user.setPassword(hashedPassword);
         user.setEmail(accountDto.getEmail());
         user.setRole(new Role(Integer.valueOf(1), user));
         return repository.save(user);
@@ -63,8 +66,6 @@ public void createVerificationTokenForUser(User user, String token) {
         tokenRepository.save(myToken);
     }
 
-    //
-
     private boolean emailExist(String email) {
         User user = repository.findByEmail(email);
         if (user != null) {

spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java

@@ -3,11 +3,10 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
+
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.baeldung.persistence.dao.UserRepository;
 import org.baeldung.persistence.model.User;
 import org.baeldung.persistence.service.IUserService;
@@ -22,8 +21,6 @@
 @Transactional
 public class MyUserDetailsService implements UserDetailsService {
 
-    private final Logger LOGGER = LoggerFactory.getLogger(getClass());
-
     @Autowired
     private UserRepository userRepository;
     @Autowired
@@ -41,14 +38,12 @@ public UserDetails loadUserByUsername(String email) throws UsernameNotFoundExcep
         boolean credentialsNonExpired = true;
         boolean accountNonLocked = true;
         try {
-            LOGGER.debug("Loading user by username: {}", email);
             User user = userRepository.findByEmail(email);
-            LOGGER.debug("Found user: {}", user);
             if (user == null) {
                 return new org.springframework.security.core.userdetails.User(" ", " ", enabled, true, true, true, getAuthorities(new Integer(1)));
             }
-            
-            return new org.springframework.security.core.userdetails.User(user.getEmail(), user.getPassword().toLowerCase(), user.isEnabled(), accountNonExpired, credentialsNonExpired, accountNonLocked, getAuthorities(user.getRole().getRole()));
+
+            return new org.springframework.security.core.userdetails.User(user.getEmail(), user.getPassword(), user.isEnabled(), accountNonExpired, credentialsNonExpired, accountNonLocked, getAuthorities(user.getRole().getRole()));
         } catch (Exception e) {
             throw new RuntimeException(e);
         }

spring-security-login-and-registration/src/main/java/org/baeldung/spring/MvcConfig.java

@@ -2,6 +2,7 @@
 
 import java.util.Locale;
 
+import org.baeldung.hashing.HashGenerator;
 import org.baeldung.validation.service.EmailValidator;
 import org.baeldung.validation.service.PasswordMatchesValidator;
 import org.springframework.context.MessageSource;
@@ -100,4 +101,11 @@ public PasswordMatchesValidator passwordMatchesValidator() {
         return passwordMatchesValidator;
     }
 
+    // DIC 7
+    @Bean
+    public HashGenerator hashGenerator() {
+        HashGenerator hashGenerator = new HashGenerator();
+        return hashGenerator;
+    }
+
 }

spring-security-login-and-registration/src/main/java/org/baeldung/web/controller/RegistrationController.java

@@ -60,21 +60,21 @@ public String showRegistrationForm(WebRequest request, Model model) {
     @RequestMapping(value = "/regitrationConfirm", method = RequestMethod.GET)
     public String confirmRegistration(WebRequest request, Model model, @RequestParam("token") String token) {
         Locale locale = request.getLocale();
-        
+
         VerificationToken verificationToken = service.getVerificationToken(token);
         if (verificationToken == null) {
             String message = messages.getMessage("auth.message.invalidToken", null, locale);
             model.addAttribute("message", message);
             return "redirect:/badUser.html?lang=" + locale.getLanguage();
         }
-        
+
         User user = verificationToken.getUser();
         Calendar cal = Calendar.getInstance();
         if ((verificationToken.getExpiryDate().getTime() - cal.getTime().getTime()) <= 0) {
             model.addAttribute("message", messages.getMessage("auth.message.expired", null, locale));
             return "redirect:/badUser.html?lang=" + locale.getLanguage();
         }
-        
+
         user.setEnabled(true);
         service.saveRegisteredUser(user);
         return "redirect:/login.html?lang=" + locale.getLanguage();

spring-security-login-and-registration/src/main/resources/application.properties

@@ -14,4 +14,4 @@ smtp.port=465
 smtp.protocol=smtps
 smtp.username=xxx777@gmail.com
 smtp.password=
-support.email=xxx777@gmail.com
+support.email=xxx777@gmail.com

spring-security-login-and-registration/src/main/resources/webSecurityConfig.xml

@@ -15,7 +15,7 @@
 		<intercept-url pattern="/expiredAccount*" access="permitAll" />
 		<intercept-url pattern="/registration*" access="permitAll" />
 		<intercept-url pattern="/badUser*" access="permitAll" />
-		
+
 		<intercept-url pattern="/emailError*" access="permitAll" />
 		<intercept-url pattern="/resources/**" access="permitAll" />
 		<intercept-url pattern="/invalidSession*" access="isAnonymous()" />
@@ -32,10 +32,15 @@
 
 	<beans:bean id="myAuthenticationSuccessHandler"
 		class="org.baeldung.security.MySimpleUrlAuthenticationSuccessHandler" />
-
 	<authentication-manager>
-		<authentication-provider user-service-ref="userDetailsService" />
+		<authentication-provider ref="authProvider"/>
 	</authentication-manager>
+	<beans:bean id="authProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> 
+		<beans:property name="userDetailsService" ref="userDetailsService" /> <beans:property 
+		name="passwordEncoder" ref="encoder" /> </beans:bean>
 	<beans:bean id="userDetailsService" class="org.baeldung.security.MyUserDetailsService" />
-
+	<beans:bean id="encoder"
+		class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
+		<beans:constructor-arg name="strength" value="11" />
+	</beans:bean>
 </beans:beans>