Examples of org.springframework.security.crypto.password.StandardPasswordEncoder

• org.springframework.security.crypto.password.StandardPasswordEncoder
  A standard {@code PasswordEncoder} implementation that uses SHA-256 hashing with 1024 iterations and arandom 8-byte random salt value. It uses an additional system-wide secret value to provide additional protection.

  The digest algorithm is invoked on the concatenated bytes of the salt, secret and password.

  If you are developing a new system, {@link org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder} isa better choice both in terms of security and interoperability with other languages. @author Keith Donald @author Luke Taylor

            return "redirect:/tatami/login";
        }
        log.debug("Creating user {}", email);
        User user = new User();
        user.setLogin(email);
        StandardPasswordEncoder encoder = new StandardPasswordEncoder();
        String encryptedPassword = encoder.encode(password);
        user.setPassword(encryptedPassword);
        userService.createUser(user);
        return "redirect:/tatami/login";
    }

    @Timed
    public UserPassword setPassword(@RequestBody UserPassword userPassword, HttpServletResponse response) {
        this.log.debug("REST request to set account's password");
        try {
            User currentUser = authenticationService.getCurrentUser();
            StandardPasswordEncoder encoder = new StandardPasswordEncoder();

            if (!encoder.matches(userPassword.getOldPassword(), currentUser.getPassword())) {
                log.debug("The old password is incorrect : {}", userPassword.getOldPassword());
                throw new Exception("oldPassword");
            }

            if (!userPassword.getNewPassword().equals(userPassword.getNewPasswordConfirmation())) {

    }

    public void updatePassword(User user) {
        User currentUser = authenticationService.getCurrentUser();
        String password = user.getPassword();
        StandardPasswordEncoder encoder = new StandardPasswordEncoder();
        String encryptedPassword = encoder.encode(password);
        currentUser.setPassword(encryptedPassword);
        log.debug("Password encrypted to : {}", encryptedPassword);
        try {
            userRepository.updateUser(currentUser);
        } catch (ConstraintViolationException cve) {

        // If the user is using OpenID or LDAP, the password is not set.
        // In this case, we generate a random password as Spring Security requires the user
        // to have a non-null password (and it is of course a better security than no password)
        if (user.getPassword() == null) {
            String password = RandomUtil.generatePassword();
            StandardPasswordEncoder encoder = new StandardPasswordEncoder();
            String encryptedPassword = encoder.encode(password);
            user.setPassword(encryptedPassword);
        }

        user.setUsername(username);
        user.setDomain(domain);

    public String validateRegistration(String key) {
        log.debug("Validating registration for key {}", key);
        String login = registrationRepository.getLoginByRegistrationKey(key);
        String password = RandomUtil.generatePassword();
        StandardPasswordEncoder encoder = new StandardPasswordEncoder();
        String encryptedPassword = encoder.encode(password);
        if (login != null) {
            User existingUser = getUserByLogin(login);
            if (existingUser != null) {
                log.debug("Reinitializing password for user {}", login);
                existingUser.setPassword(encryptedPassword);