How to change password hashing algorithm when using spring security?

Posted by harry on Stack Overflow See other posts from Stack Overflow or by harry
Published on 2012-12-07T12:05:51Z Indexed on 2012/12/07 23:05 UTC
Read the original article Hit count: 209

Filed under:
|

I'm working on a legacy Spring MVC based web Application which is using a - by current standards - inappropriate hashing algorithm. Now I want to gradually migrate all hashes to bcrypt. My high level strategy is:

  • New hashes are generated with bcrypt by default
  • When a user successfully logs in and has still a legacy hash, the app replaces the old hash with a new bcrypt hash.

What is the most idiomatic way of implementing this strategy with Spring Security? Should I use a custom Filter or my on AccessDecisionManager or …?

© Stack Overflow or respective owner

Related posts about spring

Related posts about spring-security