Password encoding with Spring Data REST -


how should encode automatically subbmitted plain password field of entity spring data rest?

i'm using bcrypt encoder , want automatically encode request's password field, when client send via post, put , patch.

@entity public class user {   @notnull   private string username;   @notnull   private string passwordhash;   ...   getters/setters/etc   ... } 

first tried solve @handlebeforecreate , @handlebeforesave event listeners user in it's argument merged, can't make difference between user's new password, or old passwordhash:

@handlebeforesave protected void onbeforesave(user user) {     if (user.getpassword() != null) {         account.setpassword(passwordencoder.encode(account.getpassword()));     }     super.onbeforesave(account); } 

is possible, use @projection , spel on setter method?

you can implement jackson jsondeserializer:

public class bcryptpassworddeserializer extends jsondeserializer<string> {      public string deserialize(jsonparser jsonparser, deserializationcontext deserializationcontext) throws ioexception {         objectcodec oc = jsonparser.getcodec();         jsonnode node = oc.readtree(jsonparser);         bcryptpasswordencoder encoder = new bcryptpasswordencoder();         string encodedpassword = encoder.encode(node.astext());         return encodedpassword;     } } 

and apply jpa entity property:

// value of password have length of  // 60 bcrypt @size(min = 60, max = 60) @column(name="password", nullable = false, length = 60) @jsondeserialize(using = bcryptpassworddeserializer.class ) private string password; 

Comments

Popular posts from this blog

c++ - Difference between pre and post decrement in recursive function argument -

php - Nothing but 'run(); ' when browsing to my local project, how do I fix this? -

php - How can I echo out this array? -