When I use in-memory authentication with a BCryptPasswordEncoder, authentication fails and the logs state "Encoded password does not look like BCrypt". The same code works with DaoAuthenticationProvider.

I have configured the in-memory authentication provider with a BCryptPasswordEncoder and am passing the credentials using the Postman client. I am getting a 401 error.

Expected 200 OK but getting a 401 Unauthorized error.

Code:

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder
                .inMemoryAuthentication()

                .withUser("hari")
                .password("welcome")
                .roles("USER")

                .and()

                .withUser("kiran")
                .password("testing")
                .roles("USER", "ADMIN")
                .and()

                .passwordEncoder(passwordEncoder());


        /*authenticationManagerBuilder
                .userDetailsService(userDetailsService)
                .passwordEncoder(NoOpPasswordEncoder.getInstance());
        */

    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion.$2A);
    }

I am using Spring Boot 2.2.0 and Spring Security 5.2.0.

Link to Github: https://github.com/prashdeep/glearning-spring-security

Comment From: eleftherias

@prashdeep Since you are using a password encoder you will need to encode your password when storing it.

authenticationManagerBuilder
    .inMemoryAuthentication()
    .withUser("hari")
    .password(passwordEncoder().encode("welcome"))
    ...
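
The failure and the fix side by side, as an added example that is not code from the issue or from Spring Security: the same `BCryptPasswordEncoder` is wired into a `DaoAuthenticationProvider` over an in-memory user, once with the raw password stored and once with the encoded one. The class name `BcryptStoredPasswordDemo` and the helpers `providerFor` and `login` are hypothetical; it assumes `spring-security-core` and `spring-security-crypto` (5.x or 6.x) on the classpath.

```java
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

// Added example (hypothetical class and helper names), not code from the issue.
public class BcryptStoredPasswordDemo {

    private static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();

    // Builds a provider backed by one in-memory user whose stored password is `stored`.
    static AuthenticationProvider providerFor(String username, String stored) {
        UserDetails user = User.withUsername(username).password(stored).roles("USER").build();
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(new InMemoryUserDetailsManager(user));
        provider.setPasswordEncoder(ENCODER);
        return provider;
    }

    // Returns true when the login attempt is accepted, false on bad credentials.
    static boolean login(AuthenticationProvider provider, String username, String rawPassword) {
        try {
            return provider.authenticate(
                    new UsernamePasswordAuthenticationToken(username, rawPassword)).isAuthenticated();
        } catch (BadCredentialsException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Stored value is the raw password: the encoder cannot parse it as a BCrypt
        // hash, logs "Encoded password does not look like BCrypt" and rejects the login.
        AuthenticationProvider plain = providerFor("hari", "welcome");
        System.out.println("plaintext stored: " + login(plain, "hari", "welcome"));

        // Stored value is a BCrypt hash from the same encoder type: the login succeeds.
        AuthenticationProvider hashed = providerFor("hari", ENCODER.encode("welcome"));
        System.out.println("bcrypt stored:    " + login(hashed, "hari", "welcome"));
        System.out.println("wrong password:   " + login(hashed, "hari", "testing"));
    }
}
```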

Comment From: pradeepkl

Thanks for the solution.

Comment From: mohaned122

Hello, I have this error:

2024-04-12T13:52:08.115+01:00 WARN 5724 --- [nio-8080-exec-1] o.s.s.c.bcrypt.BCryptPasswordEncoder : Encoded password does not look like BCrypt

Comment From: mohaned122

package com.pfe.isante.Config;

import com.pfe.isante.service.UserService;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;

@Configuration
// The @EnableWebSecurity annotation enables Spring's web security and configures the aspects
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {
    private final JwtAuthenticationFilter jwtAuthenticationFilter;
    private final UserService userService;

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.csrf(AbstractHttpConfigurer::disable)
                // A whitelist of requests {/api/v1/auth/},
                .authorizeHttpRequests(request -> request.requestMatchers("/swagger-ui/", "/api/v1/auth/", "/v3/api-docs", "/v3/",
                                "/swagger-resources/configuration/ui", "/swagger-resources",
                                "/swagger-resources/configuration/security", "/swagger-ui.html", "/webjars/**")
                        .permitAll().anyRequest().authenticated())
                .sessionManagement(manager -> manager.sessionCreationPolicy(STATELESS))
                .authenticationProvider(authenticationProvider())
                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

    @Bean
    // Defines the passwordEncoder bean that Spring will use to decode passwords
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    // Defines the authenticationProvider bean used during the authentication process
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(userService.userDetailsService());
        authProvider.setPasswordEncoder(passwordEncoder());
        return authProvider;
    }

    @Bean
    // Defines the authentication manager bean.
    public AuthenticationManager authenticationManager(AuthenticationConfiguration config)
            throws Exception {
        return config.getAuthenticationManager();
    }

}

Comment From: mohaned122

@eleftherias can you help me?