Password encoding with Spring Data REST

How should I automatically encode the submitted plain password field of my entity with Spring Data REST?

I'm using the BCrypt encoder and I want to automatically encode the request's password field when the client sends it via POST, PUT and PATCH.

    @Entity
    public class User {
        @NotNull
        private String username;

        @NotNull
        private String passwordHash;

        // ... getters/setters/etc ...
    }

First I tried to solve this with @HandleBeforeCreate and @HandleBeforeSave event listeners, but the User in its argument is merged, so I can't tell the difference between the User's new password and the old passwordHash:
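
    @HandleBeforeSave
    protected void onBeforeSave(User user) {
        // 'user' is the merged entity, so this value may be a new plain
        // password or the hash that was already stored.
        if (user.getPassword() != null) {
            user.setPassword(passwordEncoder.encode(user.getPassword()));
        }
        super.onBeforeSave(user);
    }
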
Is it possible to use @Projection and SpEL on the setter method?

You can implement a Jackson JsonDeserializer:
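
    import com.fasterxml.jackson.core.JsonParser;
    import com.fasterxml.jackson.core.ObjectCodec;
    import com.fasterxml.jackson.databind.DeserializationContext;
    import com.fasterxml.jackson.databind.JsonDeserializer;
    import com.fasterxml.jackson.databind.JsonNode;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import java.io.IOException;

    public class BCryptPasswordDeserializer extends JsonDeserializer<String> {

        // Called while the request body is bound: the plain text value of the
        // JSON field is replaced by its BCrypt hash before it reaches the entity.
        @Override
        public String deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException {
            ObjectCodec oc = jsonParser.getCodec();
            JsonNode node = oc.readTree(jsonParser);
            BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
            String encodedPassword = encoder.encode(node.asText());
            return encodedPassword;
        }
    }
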
And apply it to your JPA entity property:

    // The value of the password has a length of
    // 60 with BCrypt
    @Size(min = 60, max = 60)
    @Column(name = "password", nullable = false, length = 60)
    @JsonDeserialize(using = BCryptPasswordDeserializer.class)
    private String password;
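
The deserializer approach from the answer, exercised end to end as an added example (not code from the original post): it rejects blank input, leaves the stored hash alone when a partial update omits the field, and marks the field write-only so the hash is not serialized back out. The `PasswordFieldDemo` class, its nested `User` stand-in and the sample JSON are constructed for illustration, and Jackson's `readerForUpdating` is used as a stand-in for a partial update, not as Spring Data REST's own merge code.

```java
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.*;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import java.io.IOException;

public class PasswordFieldDemo {
    static final BCryptPasswordEncoder ENCODER = new BCryptPasswordEncoder();

    // Same idea as the answer's deserializer, but a blank or non-string value is rejected, not hashed.
    public static class HashingDeserializer extends JsonDeserializer<String> {
        @Override
        public String deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
            String plain = p.getValueAsString();
            if (plain == null || plain.trim().isEmpty()) {
                throw JsonMappingException.from(p, "password must be a non-blank string");
            }
            return ENCODER.encode(plain);
        }
    }

    // Constructed stand-in for the page's User entity (JPA annotations omitted).
    public static class User {
        public String username;
        // WRITE_ONLY: accepted in request bodies, left out of serialized responses.
        @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
        @JsonDeserialize(using = HashingDeserializer.class)
        public String password;
    }

    static void check(boolean ok, String what) { if (!ok) throw new IllegalStateException(what); }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        // POST-style body (constructed): the plain value is hashed while the JSON is bound.
        User user = mapper.readValue("{\"username\":\"alice\",\"password\":\"s3cret-example\"}", User.class);
        check(ENCODER.matches("s3cret-example", user.password), "stored value must be a hash of the input");
        String stored = user.password;
        // Partial update without the field: the deserializer is not invoked, so the hash is not re-encoded.
        mapper.readerForUpdating(user).readValue("{\"username\":\"alice2\"}");
        check(stored.equals(user.password) && "alice2".equals(user.username), "hash must survive the update");
        // The hash must not appear in serialized output.
        check(!mapper.writeValueAsString(user).contains("password"), "hash must not be serialized");
        // A blank password is refused while the request body is bound.
        try { mapper.readValue("{\"password\":\"  \"}", User.class); check(false, "blank must be rejected"); }
        catch (JsonMappingException expected) { /* rejected as intended */ }
        System.out.println("all checks passed");
    }
}
```

It needs `jackson-databind` and `spring-security-crypto` on the classpath.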