Difficulty implementing password encryption with Spring Boot

Question

Difficulty implementing password encryption with Spring Boot

Asked 6 years, 12 months ago

Viewed 940 times

3

By the title you can see that it is a Spring Boot project, and being a Spring Boot project many things already come configured by Frameworks, but do not know regarding the implementation of password encryption, in Spring MVC have to set up some things in hand, but come on....

it seems to me that I did everything right... but even so is generating error message, the error message I will show at the end of this post.

As the project is a little big I’ll show you step by step what I did to implement password encryption.

1º I include the library, I do not know if this library and the version is correct.

    <properties>
        <!-- Spring Security -->
        <spring-security-web.version>4.1.1.RELEASE</spring-security-web.version>

</properties>

and in the end ....

<!-- Spring Security -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>${spring-security-web.version}</version>
    <scope>compile</scope>
</dependency>

https://github.com/wladyband/arm/blob/master/arm/pom.xml

2nd Then I create a class for exception

public class SenhaObrigatoriaUsuarioException extends RuntimeException {

    private static final long serialVersionUID = 1L;

    public SenhaObrigatoriaUsuarioException(String message) {
        super(message);
    }
}

https://github.com/wladyband/arm/blob/master/arm/src/main/java/br/com/arm/controller/service/exception/SenhaObrigatoriaUsuarioException.java

3º In the service class I include this code lines

@Autowired
private PasswordEncoder passwordEncoder;

plus this...

if (usuario.isNovo() && StringUtils.isEmpty(usuario.getSenha())) {
            throw new SenhaObrigatoriaUsuarioException("Senha é obrigatória para novo usuário");
        }

        if (usuario.isNovo()) {
            usuario.setSenha(this.passwordEncoder.encode(usuario.getSenha()));
            usuario.setConfirmacaoSenha(usuario.getSenha());
        }

https://github.com/wladyband/arm/blob/master/arm/src/main/java/br/com/arm/controller/service/CadastroUsuarioService.java

4º And then I configure the security for everything to work..

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
}

https://github.com/wladyband/arm/blob/master/arm/src/main/java/br/com/arm/config/SecurityConfig.java

5th place implementation exception in controller

catch (SenhaObrigatoriaUsuarioException e) {
    result.rejectValue("senha", e.getMessage(), e.getMessage());
    return novo(usuario);
}

https://github.com/wladyband/arm/blob/master/arm/src/main/java/br/com/arm/controller/UsuarioController.java

But it still made an error as you can see below;

2017-07-04T12:45:14.833372+00:00 app[web.1]: 2017-07-04 12:45:14.832  INFO 4 --- [           main] utoConfigurationReportLoggingInitializer :
2017-07-04T12:45:14.833375+00:00 app[web.1]:
2017-07-04T12:45:14.833376+00:00 app[web.1]: Error starting ApplicationContext. To display the auto-configuration report re-run your application with 'debug' enabled
.
2017-07-04T12:45:14.846044+00:00 app[web.1]: 2017-07-04 12:45:14.845 ERROR 4 --- [           main] o.s.boot.SpringApplication               : Application startup fai
led
2017-07-04T12:45:14.846047+00:00 app[web.1]:
2017-07-04T12:45:14.846048+00:00 app[web.1]: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defin
ed in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method fa
iled; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterCha
in' threw exception; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/web/session/SessionInformationExpiredStrategy
2017-07-04T12:45:14.846049+00:00 app[web.1]:    at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.ja
va:599) ~[spring-beans-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846051+00:00 app[web.1]:    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(Abstrac
tAutowireCapableBeanFactory.java:1173) ~[spring-beans-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846054+00:00 app[web.1]:    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCa
pableBeanFactory.java:1067) ~[spring-beans-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846055+00:00 app[web.1]:    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableB
eanFactory.java:513) ~[spring-beans-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846056+00:00 app[web.1]:    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBea
nFactory.java:483) ~[spring-beans-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846057+00:00 app[web.1]:    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) ~[spring-b
eans-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846058+00:00 app[web.1]:    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.j
ava:230) ~[spring-beans-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846058+00:00 app[web.1]:    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) ~[spring-bea
ns-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846059+00:00 app[web.1]:    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans
-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846060+00:00 app[web.1]:    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:296) ~[spring-bea
ns-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846061+00:00 app[web.1]:    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans
-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846061+00:00 app[web.1]:    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanF
actory.java:761) ~[spring-beans-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846062+00:00 app[web.1]:    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplication
Context.java:866) ~[spring-context-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846063+00:00 app[web.1]:    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:542) ~[spri
ng-context-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846064+00:00 app[web.1]:    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java
:122) ~[spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
2017-07-04T12:45:14.846065+00:00 app[web.1]:    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:737) [spring-boot-1.5.3.RELEASE.jar!/:1.
5.3.RELEASE]
2017-07-04T12:45:14.846066+00:00 app[web.1]:    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:370) [spring-boot-1.5.3.RELEASE.j
ar!/:1.5.3.RELEASE]
2017-07-04T12:45:14.846066+00:00 app[web.1]:    at org.springframework.boot.SpringApplication.run(SpringApplication.java:314) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3.
RELEASE]
2017-07-04T12:45:14.846067+00:00 app[web.1]:    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1162) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3
.RELEASE]
2017-07-04T12:45:14.846068+00:00 app[web.1]:    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1151) [spring-boot-1.5.3.RELEASE.jar!/:1.5.3
.RELEASE]
2017-07-04T12:45:14.846069+00:00 app[web.1]:    at br.com.arm.ArmApplication.main(ArmApplication.java:15) [classes!/:1.0.0-SNAPSHOT]
2017-07-04T12:45:14.846074+00:00 app[web.1]:    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_121-heroku16]
2017-07-04T12:45:14.846075+00:00 app[web.1]:    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_121-heroku16]
2017-07-04T12:45:14.846076+00:00 app[web.1]:    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_121-heroku16]
2017-07-04T12:45:14.846077+00:00 app[web.1]:    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_121-heroku16]
2017-07-04T12:45:14.846077+00:00 app[web.1]:    at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [arm-1.0.0-SNAPSHOT.jar:1.0.0-SNAPS
HOT]
2017-07-04T12:45:14.846078+00:00 app[web.1]:    at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [arm-1.0.0-SNAPSHOT.jar:1.0.0-SNAPSHOT]
2017-07-04T12:45:14.846079+00:00 app[web.1]:    at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [arm-1.0.0-SNAPSHOT.jar:1.0.0-SNAPSHOT]
2017-07-04T12:45:14.846079+00:00 app[web.1]:    at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [arm-1.0.0-SNAPSHOT.jar:1.0.0-SNAPSHOT]
2017-07-04T12:45:14.846081+00:00 app[web.1]: Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory m
ethod 'springSecurityFilterChain' threw exception; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/web/session/SessionInformationExp
iredStrategy
2017-07-04T12:45:14.846081+00:00 app[web.1]:    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java
:189) ~[spring-beans-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846082+00:00 app[web.1]:    at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.ja
va:588) ~[spring-beans-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846083+00:00 app[web.1]:    ... 28 common frames omitted
2017-07-04T12:45:14.846084+00:00 app[web.1]: Caused by: java.lang.NoClassDefFoundError: org/springframework/security/web/session/SessionInformationExpiredStrategy
2017-07-04T12:45:14.846084+00:00 app[web.1]:    at org.springframework.security.config.annotation.web.builders.HttpSecurity.sessionManagement(HttpSecurity.java:399)
~[spring-security-config-4.2.2.RELEASE.jar!/:4.2.2.RELEASE]
2017-07-04T12:45:14.846085+00:00 app[web.1]:    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityC
onfigurerAdapter.java:208) ~[spring-security-config-4.2.2.RELEASE.jar!/:4.2.2.RELEASE]
2017-07-04T12:45:14.846086+00:00 app[web.1]:    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConf
igurerAdapter.java:315) ~[spring-security-config-4.2.2.RELEASE.jar!/:4.2.2.RELEASE]
2017-07-04T12:45:14.846101+00:00 app[web.1]:    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConf
igurerAdapter.java:86) ~[spring-security-config-4.2.2.RELEASE.jar!/:4.2.2.RELEASE]
2017-07-04T12:45:14.846101+00:00 app[web.1]:    at br.com.arm.config.SecurityConfig$$EnhancerBySpringCGLIB$$cb73af8b.init(<generated>) ~[classes!/:1.0.0-SNAPSHOT]
2017-07-04T12:45:14.846102+00:00 app[web.1]:    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBu
ilder.java:371) ~[spring-security-config-4.2.2.RELEASE.jar!/:4.2.2.RELEASE]
2017-07-04T12:45:14.846103+00:00 app[web.1]:    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurit
yBuilder.java:325) ~[spring-security-config-4.2.2.RELEASE.jar!/:4.2.2.RELEASE]
2017-07-04T12:45:14.846103+00:00 app[web.1]:    at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) ~[sp
ring-security-config-4.2.2.RELEASE.jar!/:4.2.2.RELEASE]
2017-07-04T12:45:14.846105+00:00 app[web.1]:    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChai
n(WebSecurityConfiguration.java:104) ~[spring-security-config-4.2.2.RELEASE.jar!/:4.2.2.RELEASE]
2017-07-04T12:45:14.846108+00:00 app[web.1]:    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$
5cbaee68.CGLIB$springSecurityFilterChain$4(<generated>) ~[spring-security-config-4.2.2.RELEASE.jar!/:4.2.2.RELEASE]
2017-07-04T12:45:14.846109+00:00 app[web.1]:    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$
5cbaee68$$FastClassBySpringCGLIB$$72103c9a.invoke(<generated>) ~[spring-security-config-4.2.2.RELEASE.jar!/:4.2.2.RELEASE]
2017-07-04T12:45:14.846110+00:00 app[web.1]:    at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) ~[spring-core-4.3.8.RELEASE.jar!/:4.
3.8.RELEASE]
2017-07-04T12:45:14.846114+00:00 app[web.1]:    at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationCla
ssEnhancer.java:358) ~[spring-context-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846115+00:00 app[web.1]:    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$
5cbaee68.springSecurityFilterChain(<generated>) ~[spring-security-config-4.2.2.RELEASE.jar!/:4.2.2.RELEASE]
2017-07-04T12:45:14.846116+00:00 app[web.1]:    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_121-heroku16]
2017-07-04T12:45:14.846117+00:00 app[web.1]:    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_121-heroku16]
2017-07-04T12:45:14.846118+00:00 app[web.1]:    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_121-heroku16]
2017-07-04T12:45:14.846118+00:00 app[web.1]:    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_121-heroku16]
2017-07-04T12:45:14.846119+00:00 app[web.1]:    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java
:162) ~[spring-beans-4.3.8.RELEASE.jar!/:4.3.8.RELEASE]
2017-07-04T12:45:14.846120+00:00 app[web.1]:    ... 29 common frames omitted
2017-07-04T12:45:14.846120+00:00 app[web.1]: Caused by: java.lang.ClassNotFoundException: org.springframework.security.web.session.SessionInformationExpiredStrategy
2017-07-04T12:45:14.846121+00:00 app[web.1]:    at java.net.URLClassLoader.findClass(URLClassLoader.java:381) ~[na:1.8.0_121-heroku16]
2017-07-04T12:45:14.846122+00:00 app[web.1]:    at org.springframework.boot.loader.LaunchedURLClassLoader.loadClass(LaunchedURLClassLoader.java:94) ~[arm-1.0.0-SNAPS
HOT.jar:1.0.0-SNAPSHOT]
2017-07-04T12:45:14.846122+00:00 app[web.1]:    at java.lang.ClassLoader.loadClass(ClassLoader.java:424) ~[na:1.8.0_121-heroku16]
2017-07-04T12:45:14.846123+00:00 app[web.1]:    at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ~[na:1.8.0_121-heroku16]
2017-07-04T12:45:14.846124+00:00 app[web.1]:    ... 48 common frames omitted
2017-07-04T12:45:14.846125+00:00 app[web.1]:
2017-07-04T12:45:14.976913+00:00 heroku[web.1]: State changed from starting to crashed
2017-07-04T12:45:14.969705+00:00 heroku[web.1]: Process exited with status 1
2017-07-04T12:45:43.368255+00:00 heroku[router]: at=error code=H10 desc="App crashed" method=GET path="/login" host=wb-arm-wladimir.herokuapp.com request_id=70fd7aae
-424b-4fd8-9d90-63f36cabe239 fwd="177.223.27.17" dyno= connect= service= status=503 bytes= protocol=https

I wonder what’s going on?

It’s a project on the Heroku server. To get an idea the server can’t even upload the web page. If I take all settings from step to step of the encryption implementation the project back to work without errors, I think the problem is configuration of the Spring Boot project itself, must be missing something.

Try using the same version for spring security by not reporting spring-security-web.version.

– Murillo Goulart

2017/07/26 at 12:46

No answers

Browser other questions tagged cryptography spring-boot spring-security

You are not signed in. Login or sign up in order to post.