Encrypt User Password with Spring Security

In this tutorial, you will learn how to add Spring Security to your project so that we can use Spring Security to encrypt user passwords.

I assume you already have a project created with Spring Boot, but in case you do not have one, check out my blog post on how to “Create a very simple Web Service Project with Spring Boot“.

1. Add Spring Security to pom.xml File

I will begin by adding a Spring Security dependency to a pom.xml file of my Spring Boot project. Open the pom.xml file and add the following dependency:

 <!-- Security dependencies -->
<dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-security</artifactId>
</dependency>

Once you add the above dependency, none of your Web Service API endpoints will be available unless you provide a Bearer token in the request’s header. The Sign-up URL is usually public and should not require an authorization token.

If you want to learn how to implement user sign-up and store user details in a database, read “How to save user details to a database with Spring Data JPA“.

2. Create the BCryptPasswordEncoder Bean

To encrypt user passwords with Spring Security, we use the BCryptPasswordEncoder. You can also BCrypt to implement Custom Password Encoder.

Before you can start using BCryptPasswordEncoder, you need to create a new object of it and add this object to Spring Application Context. To do that, add the following method to the main or configuration class in your Spring Boot application.

@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
 return new BCryptPasswordEncoder();
}

After adding the above code method, my main Spring Boot application class looks like this:

package com.appsdeveloperblog.app.ws;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@SpringBootApplication
public class MobileAppWsApplication {

 public static void main(String[] args) {
  SpringApplication.run(MobileAppWsApplication.class, args);
 }
 
 @Bean
 public BCryptPasswordEncoder bCryptPasswordEncoder() {
  return new BCryptPasswordEncoder();
 }
}

Once you have created the BCryptPasswordEncoder as a Bean, you can Autowire it into your @Service class and use it to encrypt the provided user password.

Below is an example of the Service class and a method that uses BCryptPasswordEncoder to encrypt the user password before it is saved in a database.

Please note the use of bCryptPasswordEncoder.encode() function. It accepts the password and encodes it. After the password is encoded, it can be stored securely in a database table.

bCryptPasswordEncoder.encode(String)

example of createUser() function that uses the BCryptPasswordEncoder.

@Service
public class UserServiceImpl implements UserService {

    private final UserRepository userRepository;
    private final BCryptPasswordEncoder bCryptPasswordEncoder;

    @Autowired
    public UserServiceImpl(UserRepository userRepository,
            BCryptPasswordEncoder bCryptPasswordEncoder) {
        this.userRepository = userRepository;
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
    }

@Override
    public UserDto createUser(UserDto userDto) {
        UserDto returnValue = new UserDto();

        ...
  
        // Generate secure password
        userDto.setEncryptedPassword(bCryptPasswordEncoder.encode(userDto.getPassword()));

        UserEntity userEntity = new UserEntity();
        BeanUtils.copyProperties(userDto, userEntity);

        // Record data into a database
        userEntity = userRepository.save(userEntity);
 
         ...

        return returnValue;
    }

}

Custom Password Encoder

You might also be interested to learn how to implement Custom Password Encoder.

Conclusion

I hope this short blog post is of some value to you.

The Spring Boot Framework makes it very easy to add Security features to your Web Service application. Encrypting password is one of these features.

If you need help implementing this functionality in your project, look at my video course “RESTful Web Services with Spring Boot and Spring MVC“. In this course, I demonstrate how to implement User Sign-up and Sign-in features step-by-step.

Happing learning!

Leave a Reply

Your email address will not be published. Required fields are marked *