0
votes

I am using Spring Security to read the user password from a MySQL database. The issue is that the password obtained from the database does not seem to be the same as the password stored in the database, so I'm getting an authentication error.

What makes it even stranger is that it seems after application restart I keep getting different passwords. Since I can't really find a similar topic I'm sure I have overlooked some basic stuff but I just can't see where. Here is my configure:

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        auth.jdbcAuthentication()
                .dataSource(dataSource)
                .passwordEncoder(new PasswordAuthentication())
                .usersByUsernameQuery("SELECT user_name, user_password, verified "
                        + "FROM user_details "
                        + "WHERE user_email = ?")
                .authoritiesByUsernameQuery("SELECT user_name, user_role_desc "
                        + "FROM user_details "
                        + "WHERE user_email = ?");
    }

The PasswordEncoder is custom, but as I understand it Security should just call the matches method:

    @Override
    public boolean matches(CharSequence password, String token)
    {
        System.out.println(password);
        System.out.println(token);
        // ... the actual comparison of password and token is omitted in the post
        return false; // placeholder so the fragment compiles; not the real logic
    }

And this is where I see that the token is different from the one stored in the database, even though the pattern is the same.

I have a UsernamePasswordAuthenticationFilter but no other custom implementation. Does anything else in the chain modify the password obtained from the database?

EDIT: The password in the database is:

$22$17$9GD7-A8_W4h9q4_uJ-fFSMhJjKMIbKNJng-G6IfzNCQ

While if I print out the (supposedly same) password returned by jdbcAuthentication, then I see:

Password 1: $22$17$c-gMYpcX5d0YOgf6HBs19MuImTq7wb41tBeKSTw1mMw

This remains the same in the log as long as I don't restart the application. If I restart, then it will be different, e.g.:

$22$17$zG0Ph1AM9_xAADIR8l01JVkCNzNwk_s0Z4VJt49NSiU

Then third time: $22$17$B4y1Yr8Mt0QuuMg-AK6x02RyAZlQVnbo9A6KKEYitlE

etc. But as long as I don't restart the app, the password returned by jdbcAuthentication remains the same, just not the one that is in the database.


1 Answer

-1
votes

I think I got it. The fault was that I thought both usersByUsernameQuery and authoritiesByUsernameQuery are by default prepared with the value extracted from the request.

This is not the case. The authoritiesByUsernameQuery is prepared with the result of the first column returned by the usersByUsernameQuery. This broke the process, as I used the email address in the validation, but in the first query I still selected user_name to be returned; therefore the authorities query failed.
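The behaviour described in the answer, shown as a corrected configuration. This is an added example, not the poster's code: Spring Security's JdbcDaoImpl runs the users query with the login value from the request, then runs the authorities query with the first column of that result, so both queries must be keyed on the same column. The table and column names are taken from the question; the injected `PasswordEncoder` bean and the `SecurityConfig` class name are assumptions standing in for the poster's custom `PasswordAuthentication` encoder.

```java
// Added example: jdbcAuthentication() configured so that the value handed to
// authoritiesByUsernameQuery matches the column it filters on.
// Assumes a PasswordEncoder bean is registered elsewhere (hypothetical wiring;
// the question used new PasswordAuthentication() directly).
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
            .dataSource(dataSource)
            .passwordEncoder(passwordEncoder)
            // Columns are mapped positionally: (1) username, (2) password, (3) enabled.
            // Column 1 is what JdbcDaoImpl passes to the authorities query below, so it
            // must be the same key the login form submits, here the e-mail address.
            .usersByUsernameQuery("SELECT user_email, user_password, verified "
                    + "FROM user_details WHERE user_email = ?")
            // The '?' is bound to column 1 of the users query (user_email), not to the
            // raw request value, so filtering on user_email now finds the roles.
            .authoritiesByUsernameQuery("SELECT user_email, user_role_desc "
                    + "FROM user_details WHERE user_email = ?");
    }
}
```

The other consistent choice is to keep `user_name` as the first column of the users query and change the authorities query to `WHERE user_name = ?`; what matters is that the key returned in column 1 is the key the second query filters on. Note that the third column (`verified`) is read as the account's enabled flag, so a false value there also produces an authentication failure rather than a role lookup error.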