Spring Security Digest Authentication failed to match

http://www.kenansevindik.com/feature-interaction-problems-and-spring-security/

Failed to authenticate the user as I have password in database in encrypted format (BCryptPasswordEncoder) but digest auth feature require the password in plain text.

2019-04-08 10:04:34 DEBUG o.s.s.w.a.w.DigestAuthenticationFilter - Expected response: '566f382eec8c9784e49487d3fce5ba35' but received: '027c1a2bdd89852bff89eac0624f0654'; is AuthenticationDao returning clear text passwords?

Comment From: nealeu

The same password will always be required from the end user. This is not a bug but intended behaviour as per the Spring Security documentation.

Comment From: eleftherias

As mentioned, this is expected behavior.

See the Digest Authentication section of the reference documentation.

You should not use Digest Authentication in modern applications because it is not considered secure. The most obvious problem is that you must store your passwords in plaintext, encrypted, or an MD5 format. All of these storage formats are considered insecure. Instead, you should store credentials using a one way adaptive password hash (i.e. bCrypt, PBKDF2, SCrypt, etc) which is not supported by Digest Authentication.