The PasswordEncoder method

Password hashing in Spring Security is encapsulated and defined by implementations of the o.s.s.authentication.encoding.PasswordEncoder interface. The simple configuration of a password encoder is possible through the passwordEncoder() method within the AuthenticationManagerBuilder element, as follows:

    auth
       .jdbcAuthentication()
       .dataSource(dataSource)
       .usersByUsernameQuery(CUSTOM_USERS_BY_USERNAME_QUERY)
       .authoritiesByUsernameQuery(CUSTOM_AUTHORITIES_BY_USERNAME_QUERY)
       .passwordEncoder(passwordEncoder());

You'll be happy to learn that Spring Security ships with a number of implementations of passwordEncoder, which are applicable for different needs and security requirements.

The following table provides a list of the out-of-the-box implementation classes and their benefits. Note that all implementations reside in the o.s.s.authentication.encoding package:

As with many other areas of Spring Security, it's also possible to reference a bean definition by implementing PasswordEncoder to provide more precise configuration and allowing PasswordEncoder to be wired into other beans through the dependency injection. For the JBCP calendar application, we'll need to use this bean reference method in order to hash the passwords of the newly created users.

Let's walk through the process of configuring basic password encoding for the JBCP calendar application.