We Are Going To Discuss About Spring Security 5 : There is no PasswordEncoder mapped for the id “null”. So lets Start this Java Article.
Spring Security 5 : There is no PasswordEncoder mapped for the id “null”
- Spring Security 5 : There is no PasswordEncoder mapped for the id “null”
When you are configuring the
ClientDetailsServiceConfigurer
, you have to also apply the new password storage format to the client secret..secret("{noop}secret")
- Spring Security 5 : There is no PasswordEncoder mapped for the id “null”
When you are configuring the
ClientDetailsServiceConfigurer
, you have to also apply the new password storage format to the client secret..secret("{noop}secret")
Solution 1
When you are configuring the ClientDetailsServiceConfigurer
, you have to also apply the new password storage format to the client secret.
.secret("{noop}secret")
Original Author Edwin Diaz Of This Content
Solution 2
Add .password("{noop}password")
to Security config file.
For example :
auth.inMemoryAuthentication()
.withUser("admin").roles("ADMIN").password("{noop}password");
Original Author Sailokesh Aithagoni Of This Content
Solution 3
For anyone facing the same issue and not in need of a secure solution – for testing and debugging mainly – in memory users can still be configured.
This is just for playing around – no real world scenario.
The approach used below is deprecated.
This is where I got it from:
Within your WebSecurityConfigurerAdapter
add the following:
@SuppressWarnings("deprecation")
@Bean
public static NoOpPasswordEncoder passwordEncoder() {
return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
}
Here, obviously, passwords are hashed, but still are available in memory.
Of course, you could also use a real PasswordEncoder
like BCryptPasswordEncoder
and prefix the password with the correct id:
// Create an encoder with strength 16
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(16);
String result = encoder.encode("myPassword");
assertTrue(encoder.matches("myPassword", result));
Original Author rocksteady Of This Content
Solution 4
Don’t know if this will help anyone. My working WebSecurityConfigurer and OAuth2Config code as below:
OAuth2Config File:
package com.crown.AuthenticationServer.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
@Configuration
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("crown")
.secret("{noop}thisissecret")
.authorizedGrantTypes("refresh_token", "password", "client_credentials")
.scopes("webclient", "mobileclient");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService);
}
}
WebSecurityConfigurer:
package com.crown.AuthenticationServer.security;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
@Override
public UserDetailsService userDetailsService() {
PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
final User.UserBuilder userBuilder = User.builder().passwordEncoder(encoder::encode);
UserDetails user = userBuilder
.username("john.carnell")
.password("password")
.roles("USER")
.build();
UserDetails admin = userBuilder
.username("william.woodward")
.password("password")
.roles("USER","ADMIN")
.build();
return new InMemoryUserDetailsManager(user, admin);
}
}
Here is the link to the project:
springboot-authorization-server-oauth2
Original Author CrownWangGuan Of This Content
Conclusion
So This is all About This Tutorial. Hope This Tutorial Helped You. Thank You.