Encode Password Using SHA-1
- When user details are stored in the application context, the password is configured as plain text
- Encode the password with SHA-1 using the <password-encoder> element
Vulnerable Authentication Provider Configuration

Secure Authentication Provider Configuration
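
The two configurations named above, side by side, as an added example that is not taken from the original page. It assumes the Spring Security 3.x/4.x XML namespace, where hash="sha" selects SHA-1; the user name, role and password are constructed sample values (the digest is SHA-1 of the string "password").

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- Vulnerable: the clear-text password is visible to anyone who can read
       this file, a backup of it, or the source repository it lives in.
  <authentication-manager>
    <authentication-provider>
      <user-service>
        <user name="user1" password="password" authorities="ROLE_USER"/>
      </user-service>
    </authentication-provider>
  </authentication-manager>
  -->

  <!-- Secure (as this page describes it): only the SHA-1 digest is stored.
       <password-encoder> makes the provider hash the submitted password
       and compare digests, so the clear text never appears in the file. -->
  <authentication-manager>
    <authentication-provider>
      <password-encoder hash="sha"/>
      <user-service>
        <!-- Constructed sample: hex SHA-1 digest of "password" -->
        <user name="user1"
              password="5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"
              authorities="ROLE_USER"/>
      </user-service>
    </authentication-provider>
  </authentication-manager>

</beans:beans>
```

Unsalted SHA-1 digests are fast to brute-force once the file leaks; a salted, adaptive hash such as bcrypt is the stronger choice where the Spring Security version in use supports it.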

Implementing HTTP Basic Authentication
- Declaring the <http-basic> element defines a BasicAuthenticationFilter
- On successful authentication of the user, the Authentication object is added to the Spring SecurityContext
- The SecurityContextHolder class is used to access the security context
Configuring HTTP Basic Authentication

BasicAuthenticationFilter Bean Declaration
