Home/ Questions/Q 8982927
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T20:42:07+00:00

I’m using Jasypt 1.9.0, Spring 3.1.1.RELEASE, and Maven 3.0.3. Using the Jasypt command line

  • 0

I’m using Jasypt 1.9.0, Spring 3.1.1.RELEASE, and Maven 3.0.3. Using the Jasypt command line tool, I generate passwords like so …

./digest.sh input=admin providerClassName=org.bouncycastle.jce.provider.BouncyCastleProvider algorithm=SHA-256  saltGeneratorClassName=org.jasypt.salt.ZeroSaltGenerator

However, when I configure Spring security to attempt to match a password someone entered at the login screen …

<beans:bean id="bcProvider" class="org.bouncycastle.jce.provider.BouncyCastleProvider" />

<beans:bean id="jasyptStringDigester" class="org.jasypt.digest.StandardStringDigester">
    <beans:property name="algorithm">
        <beans:value>SHA-256</beans:value>
    </beans:property>
    <beans:property name="provider">
        <beans:ref bean="bcProvider" />
    </beans:property>
    <beans:property name="saltGenerator">
        <beans:bean id="saltGenerator" class="org.jasypt.salt.ZeroSaltGenerator"/>
    </beans:property>
</beans:bean>

<!-- This Spring Security-friendly PasswordEncoder implementation will -->
<!-- wrap the StringDigester instance so that it can be used from -->
<!-- the security framework. -->
<beans:bean id="passwordEncoder" class="org.jasypt.spring.security3.PasswordEncoder">
    <property name="stringDigester">
        <ref bean="jasyptStringDigester" />
    </property>
</beans:bean>

<authentication-manager alias="authenticationManager" id="authenticationManager">
    <authentication-provider user-service-ref="sbdUserDetailsService">
        <password-encoder ref="passwordEncoder" />
    </authentication-provider>
</authentication-manager>

Spring is generating a different password than what is stored, and hence I’m not able to authenticate my user. Is there some configuration I’m missing? Why, during authentication, does SPring generate something different than what Jasypt has?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    if you run digest.sh multiple times you will get different hashes for same input values. i assume Jasypt uses a timestamp or a random string as a salt.

    to be able to generate same hash, you must know the salt, which is used or control the way it is generated. There is a cli parameter called saltGeneratorClassName. By providing a class, which implements the SaltGenerator interface you can control the salt generation.

    UPDATE:

    forget what i said about position of the salt. you just need to change the jasyptStringDigester a little bit:

    <beans:bean id="jasyptStringDigester" class="org.jasypt.digest.StandardStringDigester">
    <beans:property name="algorithm">
        <beans:value>SHA-256</beans:value>
    </beans:property>
    <beans:property name="provider">
        <beans:ref bean="bcProvider" />
    </beans:property>
    <beans:property name="saltGenerator">
        <beans:ref bean="saltGenerator" />
    </beans:property>
</beans:bean>

<beans:bean class="impl.of.your.SaltGenerator" id="saltGenerator" />

    and then you need to provide impl.of.your.SaltGenerator to digest.sh:

    ./digest.sh input=admin \
    providerClassName=org.bouncycastle.jce.provider.BouncyCastleProvider \
    algorithm=SHA-256 \
    saltGeneratorClassName=impl.of.your.SaltGenerator
    • 0