How to change password hashing algorithm when using spring security?
Posted
by
harry
on Stack Overflow
See other posts from Stack Overflow
or by harry
Published on 2012-12-07T12:05:51Z
Indexed on
2012/12/07
23:05 UTC
Read the original article
Hit count: 209
spring
|spring-security
I'm working on a legacy Spring MVC based web Application which is using a - by current standards - inappropriate hashing algorithm. Now I want to gradually migrate all hashes to bcrypt. My high level strategy is:
- New hashes are generated with bcrypt by default
- When a user successfully logs in and has still a legacy hash, the app replaces the old hash with a new bcrypt hash.
What is the most idiomatic way of implementing this strategy with Spring Security? Should I use a custom Filter or my on AccessDecisionManager or …?
© Stack Overflow or respective owner