How to change password hashing algorithm when using spring security?

Posted by harry on Stack Overflow See other posts from Stack Overflow or by harry
Published on 2012-12-07T12:05:51Z Indexed on 2012/12/07 23:05 UTC
Read the original article Hit count: 205

Filed under:

spring

|

spring-security

I'm working on a legacy Spring MVC based web Application which is using a - by current standards - inappropriate hashing algorithm. Now I want to gradually migrate all hashes to bcrypt. My high level strategy is:

New hashes are generated with bcrypt by default
When a user successfully logs in and has still a legacy hash, the app replaces the old hash with a new bcrypt hash.

What is the most idiomatic way of implementing this strategy with Spring Security? Should I use a custom Filter or my on AccessDecisionManager or …?

© Stack Overflow or respective owner

Related posts about spring

Why is Java EE 6 better than Spring ?

as seen on Oracle Blogs - Search for 'Oracle Blogs'
Java EE 6 was released over 2 years ago and now there are 14 compliant application servers. In all my talks around the world, a question that is frequently asked is Why should I use Java EE 6 instead of Spring ? There are already several blogs covering that topic: Java EE… >>> More
Spring??Java EE 6?! ???????????????·????????Java Developers Workshop 2012 Summer????

as seen on Oracle Blogs - Search for 'Oracle Blogs'
?Java EE 6??????????????????????????????????????/?????????????????????????Spring Framework?????????????????????????????????????????????????????????????????????????????? “Spring to Java EE 6”????·????????????????????Java EE 6????????????????????IT???????????????Java??????????????·???????????????8?… >>> More
Spring 3.0: Unable to locate Spring NamespaceHandler for XML schema namespace

as seen on Stack Overflow - Search for 'Stack Overflow'
My setup is fairly simple: I have a web front-end, back-end is spring-wired. I am using AOP to add a layer of security on my rpc services. It's all good, except for the fact that the web app aborts on launch: [java] SEVERE: Context initialization failed [java] org.springframework.beans… >>> More
Applying ServiceKnownTypeAttribute to WCF service with Spring

as seen on Stack Overflow - Search for 'Stack Overflow'
I am trying to apply the ServiceKnownTypeAttribute to my WCF Service but keep getting the error below my config. Does anyone have any ideas? <object id="HHGEstimating" type="Spring.ServiceModel.ServiceExporter, Spring.Services"> <property name="TargetName" value="HHGEstimatingHelper"/> … >>> More
Where is the sample applications in the lastest Spring release(Spring Framework 3.0.2)?

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi guys, On the Spring download page, It says that For all Spring Framework releases, the basic release contains only the binaries while the -with-dependencies release contains everything the basic release contains plus all third-party dependencies, buildable source trees, and sample… >>> More

Related posts about spring-security

Spring Security - Interactive login attempt was unsuccessful

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been trying to track down why Spring Security isn't creating the SPRING_SECURITY_REMEMBER_ME_COOKIE so I turned on logging for org.springframework.security.web.authentication.rememberme. At first glance, the logs make it seem like the login is failing but the login is actually successful in the… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More
Spring Security - Persistent Remember Me Issue

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been trying to track down why Spring Security isn't creating the Spring Security remember me cookie (SPRING_SECURITY_REMEMBER_ME_COOKIE). At first glance, the logs make it seem like the login is failing, but the login is actually successful in the sense that if I navigate to a page that requires… >>> More
Problem with Remember Me Service in Spring Security

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I'm trying to implement a "remember me" functionality in my website using Spring. The cookie and entry in the persistent_logins table are getting created correctly. Additionally, I can see that the correct user is being restored as the username is displayed at the top of the page. However, once… >>> More
Spring Security 3 - j_spring_security_check is not found

as seen on Stack Overflow - Search for 'Stack Overflow'
I use Spring Security with Spring Framework 3 and when I tyr to login from homepage I get following error: 2010-04-26 12:16:39,525 [tomcat-http--2] WARN org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/AppName/app/j_spring_security_check] in DispatcherServlet… >>> More