Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Spring Security

You're reading from   Spring Security Effectively secure your web apps, RESTful services, cloud apps, and microservice architectures

Arrow left icon
Product type Paperback
Published in Jun 2024
Publisher Packt
ISBN-13 9781835460504
Length 596 pages
Edition 4th Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Badr Nasslahsen Badr Nasslahsen
Author Profile Icon Badr Nasslahsen
Badr Nasslahsen
Arrow right icon
View More author details
Toc

Table of Contents (28) Chapters Close

Preface 1. Part 1: Fundamentals of Application Security FREE CHAPTER
2. Chapter 1: Anatomy of an Unsafe Application 3. Chapter 2: Getting Started with Spring Security 4. Chapter 3: Custom Authentication 5. Part 2: Authentication Techniques
6. Chapter 4: JDBC-based Authentication 7. Chapter 5: Authentication with Spring Data 8. Chapter 6: LDAP Directory Services 9. Chapter 7: Remember-me Services 10. Chapter 8: Client Certificate Authentication with TLS 11. Part 3: Exploring OAuth 2 and SAML 2
12. Chapter 9: Opening up to OAuth 2 13. Chapter 10: SAML 2 Support 14. Part 4: Enhancing Authorization Mechanisms
15. Chapter 11: Fine-Grained Access Control 16. Chapter 12: Access Control Lists 17. Chapter 13: Custom Authorization 18. Part 5: Advanced Security Features and Deployment Optimization
19. Chapter 14: Session Management 20. Chapter 15: Additional Spring Security Features 21. Chapter 16: Migration to Spring Security 6 22. Chapter 17: Microservice Security with OAuth 2 and JSON Web Tokens 23. Chapter 18: Single Sign-On with the Central Authentication Service 24. Chapter 19: Build GraalVM Native Images 25. Index 26. Other Books You May Enjoy Appendix – Additional Reference Material

Trying out salted passwords

Start up the application and try creating another user with the password user1. Use the H2 console to compare the new user’s password and observe that they are different.

Important note

Your code should now look like this: calendar04.05-calendar.

Spring Security now generates a random salt and combines this with the password before hashing our password. It then adds the random salt to the beginning of the password in plaintext, so that passwords can be checked. The stored password can be summarized as follows:

salt = randomsalt()
hash = hash(salt+originalPassword)
storedPassword = salt + hash

This is the pseudocode for hashing a newly created password.

To authenticate a user, salt and hash can be extracted from the stored password, since both salt and hash are fixed lengths. Then, the extracted hash can be compared against a new hash, computed with extracted salt and the inputted password:

Figure 4.3 – Salting the stored passwords workflow

Figure 4.3 –...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image