Spring Security 5 : There is no PasswordEncoder mapped for the id "null"
When you are configuring the ClientDetailsServiceConfigurer
, you have to also apply the new password storage format to the client secret.
.secret("{noop}secret")
Add .password("{noop}password")
to Security config file.
For example :
auth.inMemoryAuthentication() .withUser("admin").roles("ADMIN").password("{noop}password");
For anyone facing the same issue and not in need of a secure solution - for testing and debugging mainly - in memory users can still be configured.
This is just for playing around - no real world scenario.
The approach used below is deprecated.
This is where I got it from:
Within your WebSecurityConfigurerAdapter
add the following:
@SuppressWarnings("deprecation")@Beanpublic static NoOpPasswordEncoder passwordEncoder() {return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();}
Here, obviously, passwords are hashed, but still are available in memory.
Of course, you could also use a real PasswordEncoder
like BCryptPasswordEncoder
and prefix the password with the correct id:
// Create an encoder with strength 16BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(16);String result = encoder.encode("myPassword");assertTrue(encoder.matches("myPassword", result));