Summary
use deprecated method User#withDefaultPasswordEncoder() in sample project
Expected Behavior modify that sample
Version 5.x and above
Sample
/**
* @author Joe Grandja, Jinhwan
*/
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
PasswordEncoder passwordEncoder;
@Bean
public PasswordEncoder passwordEncoder(){
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorize -> authorize
.antMatchers("/css/**", "/index").permitAll()
.antMatchers("/user/**").hasRole("USER")
)
.formLogin(formLogin -> formLogin
.loginPage("/login")
.failureUrl("/login-error")
);
}
// @formatter:on
@Bean
public UserDetailsService userDetailsService() {
UserDetails userDetails = User.builder()
.passwordEncoder(passwordEncoder::encode)
.username("user")
.password("password")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(userDetails);
}
}
Comment From: rwinch
This is expected.
See the deprecated message in https://docs.spring.io/spring-security/site/docs/5.3.0.RELEASE/api/org/springframework/security/core/userdetails/User.html#withDefaultPasswordEncoder--
Also see https://docs.spring.io/spring-security/site/docs/5.3.0.RELEASE/reference/html5/#authentication-password-storage-dep-getting-started