How to persist password in Spring Authenticator Object

In this short blog I will show a small change in configuration which will persist password in spring org.springframework.security.core.Authentication object.

It is not best practice to keep password in object after authenticating the user, but in case if you want to persist the password then following is the code which needs to be added in spring application configuration.

For the "authentication-manager" tag you need to add "erase-credentials" attribute and set the value to false. Below is code snippet: 


<security:authentication-manager  erase-credentials="false">
  <security:authentication-provider ref="AuthenticationProvider"/>
 </security:authentication-manager>
Hope this will be useful.

Comments

Post a Comment

Popular posts from this blog

SSO on Windows using Waffle - Java Web Application

Image
Waffle is open source API which helps in windows based authentication. If project requirements is to auto login a user with Windows login credentials then Waffle provides one option to achieve the same. Waffle supports Negotiate, NTLM and Kerberos. In this blog I will create a Java Web Project to demonstrate how to get the windows logged in credentials using Waffle. Prerequisites: Tomcat Eclipse Create a new Dynamic Web Project in eclipse.  Create Dynamic Web Project Add following jar files related to Waffle setup. commons-logging-1.1.1.jar guava-r07.jar jna.jar platform.jar waffle-jna.jar Next step will be to add the filter classes to handle SSO with windows.  Add filter class "waffle.servlet.NegotiateSecurityFilter", this class takes care of doing negotiation with windows system by invoking necessary classes with in the waffle jars.  Sample code for the same is given below for web,xml file. <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:x...
Read more

Cross domain Calls in AJAX with Jsonp

Web browser doesnot allow initiating cross domain call from javascript. There are multiple ways to initiate cross domain calls, I will be showing example on how to make cross domain call from javascript using jsonp. Using Jquery following is the way to initiate Cross Domain call. in $.ajax method, "dataType" parameter should be set to "jsonp", here jsonp means Json with padding, with jsonp a javascript code is injected in client browser, which enables code to make cross domain call. function initiateCrossDomainCall(url) { $.ajax({ dataType: 'jsonp', // json with padding type:"GET", url : url, success: function ( data) { parseResp(data); }, error: function ( data, status, error) { parseErrorResp(data, status, error) }, timeout: 2000 }); } function parseResp(data){ //add code to parse responsedata. } function parseErrorResp(data, status, error){ // parse errr resp...
Read more

Handling Cross site Scripting

Image
Typically in web application cross site scripting issue is one of the most occurring issues. Cross site scripting vulnerability occurs when hackers are able to execute script code in your application. This can happen due exploiting weakness in the application code. Like Trusting data which comes from any of the system. Lack of data filter for data cleansing before data goes inside the system. Use of Scriptlet  <%=%> for printing data in JSP without validating the data. CSS can broadly be categorized in two subsections. If hackers are able to persist their malicious code in application persistence layer (DB), and whenever any application user visits the web page, these malicious code gets executed and hacker will be able to exploit user. This type is persistent and are more dangerous.          Hacker can add dynamic redirection to some of his malicious site, and capture confidential data. As this redirection happened from the parent site user also will...
Read more