java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id 'null'




Asked on November 29, 2019
Hi I am creating Spring Security 5 application and my security JavaConfig is as following.

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().
antMatchers("/app/admin/**").access("hasRole('ROLE_ADMIN')").
antMatchers("/app/user/**").access("hasRole('ROLE_USER')").
and().formLogin();
}

@Configuration
protected static class AuthenticationConfiguration extends
GlobalAuthenticationConfigurerAdapter {

@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
  auth.inMemoryAuthentication().withUser("John").password("john123").roles("ADMIN");
  auth.inMemoryAuthentication().withUser("Harry").password("harry123").roles("USER");
}
}  

When I try to login am getting error as following.


java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null"
org.springframework.security.crypto.password.DelegatingPasswordEncoder$UnmappedIdPasswordEncoder.matches(DelegatingPasswordEncoder.java:250)
org.springframework.security.crypto.password.DelegatingPasswordEncoder.matches(DelegatingPasswordEncoder.java:198)
org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration$LazyPasswordEncoder.matches(AuthenticationConfiguration.java:312)
org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:90)
org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:166)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:195)
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:95)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:141)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)

How to fix the error?



Replied on November 29, 2019

The error is because in Spring Security 5.0, the default password encoder is changed from NoOpPasswordEncoder to DelegatingPasswordEncoder. The NoOpPasswordEncoder just requires plain text passwords but DelegatingPasswordEncoder requires a format as given below.


{id}encodedPassword


For noop


{noop}plainPassword


For bcrypt


{bcrypt}encodedPassword


For pbkdf2


{pbkdf2}encodedPassword


For scrypt


{scrypt}encodedPassword


For sha256


{sha256}encodedPassword


Find the link


https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#pe-dpe


You can fix your error by changing the code as following.


@Override

public void init(AuthenticationManagerBuilder auth) throws Exception {

  auth.inMemoryAuthentication().withUser("John").password("{noop}john123").roles("ADMIN");

  auth.inMemoryAuthentication().withUser("Harry").password("{noop}harry123").roles("USER");

}





Replied on November 29, 2019
It is working. Thanks.

Write Answer










©2024 concretepage.com | Privacy Policy | Contact Us