Now, we saw a little bit about password encoders in the last few videos, so let's try to implement one of the password encoders, which is the BCrypt password encoder, inside our application and leverage it to authenticate users inside our application. For that, first I have to go to the place where we have configured the password encoder with the standard password encoder. So instead of the standard password encoder, I will be configuring the BCrypt password encoder. And as we discussed, the BCrypt password encoder has a constructor which doesn't need any arguments to pass. So with this one line of code, I am good. My application is good to use the BCrypt password encoder, and as we discussed, my code should stop at my matches method for evaluating the passwords, between what we have in the database and what we are receiving from the UI. So that's why I just kept a breakpoint here. So let's try to start our application in debug mode. So meanwhile, let's go and see what users we have in the database. We have a customer table, and in fact we have the email that we configured previously, and his password is 54321. Now we have our server started. Let's try to go to the browser and try to access my account. So it's asking me for credentials. I'm giving my username, and the password is 54321.
The moment I click sign in, the code will reach this matches method. So here the password is the one which we're receiving from the UI, and the encoded password is the one which we have in the database. So now let's try to see what is happening inside. So the password is not null, and the encoded password is also not null. And here I am getting an error saying that whatever you stored inside the database is not a BCrypt-encoded password, so my login will fail. My credentials are right, but it fails with an error saying that "encoded password does not look like BCrypt". The reason is, you are telling Spring Security to go ahead and leverage the BCrypt hashing mechanism for validating the credentials, but you are still saving the password in plain text inside the database. So that's why Spring Security is saying, "I can't go ahead and validate, because the encoded password which is in the database is not a hash value." So due to that we are getting this error. For that, let's try to go ahead and update our password with the BCrypt hashing mechanism, so that Spring Security also can leverage it and validate the password. For that, let's go to our database. But right now we have a problem with our customer table, because in the customer table the password column is a varchar of only 45 characters.
But we need more than that to store the hash value of a password. So for that, let me drop this table: DROP TABLE customer. So I have dropped the customer table; now we have to create the table customer again. For that, let's go to our script location. Here I have a definition of it. Let me copy and paste it here as well. And instead of whatever it was, I'm just keeping it as 200, for the safer side. I'm just creating the table; post that, I can go ahead and insert the same values. But here John Doe does not have a password inside the database in hashed form. So let's create a new user whose name is happy@example.com, and I want to keep the password as 12345. And his role also can be admin. But I really don't know what is the hash value of 12345 in the BCrypt algorithm. The solution to this one is, if you are implementing UserDetailsManager, where you can create a user, the framework will take care of saving the password as a hash value, since you are declaring that the password encoder should be the BCrypt password encoder. But in this scenario, since we don't have that code, what we can do is, let's try to go to our website. This is a site where we can calculate the hash value of a simple text.
So for that, I'm just giving 12345 as my plain text, and the rounds I am keeping as 10, because even in the BCrypt password encoder, the strength value that we used to pass in the second constructor is 10 by default. So this indicates how many logarithmic rounds my encoding has to go through. So as soon as I click hash, I get the hash. I'm just copying it. Now, instead of 12345, I'm just storing the hash value into the database, and I'm inserting it. So now I will go ahead and log in with happy@example.com, and the password is 12345. Now I click sign in, and this time it dropped again into matches. So here our password is 12345, and you can see this is the encoded password that we stored in the database. So by this time my Spring Security might have called loadUserByUsername, and it is having the password in the form of the encoded password here. So now I will check line by line. So the password is not null, the encoded password is also not null, and my password is matching with the BCrypt pattern now. So this is the method where it will compare whether my plain-text value and the hashed value are the same.
What it will do is, first it will take the hash value and it will call the hash password method with the password that we received from the UI side. So once that hashing is completed, it will return a boolean value. Since the hashes of both the encoded password and what we calculated based upon the password are matching, it will return boolean true, which indicates that we should allow the authentication of this user. So that's why in the UI, this time, we are getting the application response for my account service. So this is how we should configure any password encoder. And you can see it's very easy. You just have to define what is the password encoder that I have to follow, and accordingly you should maintain the values in the database or in LDAP. So Spring Security is taking a lot of pain from developers so that they can focus on business requirements, and it is taking care of all the password management here. But if we have a requirement where you want to have your own custom password encoder, you are free to implement the PasswordEncoder interface provided by the framework. And inside that, you have to override the methods encode and matches; the framework will call your methods whenever we try to validate the user credentials. So this is the way how you should configure the password encoders. Thank you, and see you in the next lecture. Bye.
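The following is an added example and is not code from the lecture or its course project. It reproduces, outside a Spring context, the three things the lecture walks through: the "encoded password does not look like BCrypt" failure when a plain-text row is checked with BCryptPasswordEncoder, generating the BCrypt hash for happy@example.com with encode() instead of pasting the password into a third-party hashing website, and a custom PasswordEncoder that overrides encode and matches. It assumes only that spring-security-crypto is on the classpath; the class and method names (BCryptDemo, StrictBCryptEncoder, passwordEncoder) are the example's own.

```java
// Added example, not part of the lecture's code base.
// Assumes spring-security-crypto (org.springframework.security:spring-security-crypto) on the classpath.
import java.util.regex.Pattern;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class BCryptDemo {

    // Same shape as the bean the lecture configures: no-argument constructor, strength 10,
    // i.e. 2^10 rounds of the bcrypt key setup for every encode() and matches() call.
    public static PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // The lecture's closing point: implement PasswordEncoder and override encode and matches.
    // This hypothetical encoder delegates the hashing to BCrypt but, instead of just logging a
    // warning, fails loudly when the stored value is not a BCrypt hash (a plain-text row that
    // was never migrated). Verification uses the cost embedded in the stored hash, so a row
    // hashed at strength 10 still verifies even though new hashes are produced at strength 12.
    public static final class StrictBCryptEncoder implements PasswordEncoder {
        // Shape of a bcrypt string: $2a$ / $2b$ / $2y$, two-digit cost, 22-char salt + 31-char hash.
        private static final Pattern BCRYPT_SHAPE =
            Pattern.compile("\\A\\$2[aby]?\\$\\d\\d\\$[./0-9A-Za-z]{53}\\z");

        private final BCryptPasswordEncoder delegate = new BCryptPasswordEncoder(12);

        @Override
        public String encode(CharSequence rawPassword) {
            return delegate.encode(rawPassword);
        }

        @Override
        public boolean matches(CharSequence rawPassword, String encodedPassword) {
            if (encodedPassword == null || !BCRYPT_SHAPE.matcher(encodedPassword).matches()) {
                throw new IllegalStateException(
                    "stored password is not a BCrypt hash; the row must be migrated");
            }
            return delegate.matches(rawPassword, encodedPassword);
        }
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = passwordEncoder();

        // 1. The lecture's first attempt: the customer row still holds the plain text "54321".
        //    BCryptPasswordEncoder.matches() cannot parse that as a bcrypt string, logs
        //    "Encoded password does not look like BCrypt" at WARN and returns false,
        //    so the login is rejected even though the user typed the right password.
        System.out.println("plain text in DB: " + encoder.matches("54321", "54321"));

        // 2. Producing the value to store for happy@example.com. Each encode() call draws a
        //    fresh 16-byte salt, so two hashes of the same password differ, yet both verify
        //    because the salt and cost are carried inside the stored string.
        String hash1 = encoder.encode("12345");
        String hash2 = encoder.encode("12345");
        System.out.println(hash1);
        System.out.println("identical hashes: " + hash1.equals(hash2));
        System.out.println("12345 vs hash1:   " + encoder.matches("12345", hash1));
        System.out.println("12345 vs hash2:   " + encoder.matches("12345", hash2));
        System.out.println("54321 vs hash1:   " + encoder.matches("54321", hash1));

        // The column width matters here: a bcrypt string is always 60 characters, which is
        // why the lecture's original 45-character column had to be widened (200 is generous).
        System.out.println("stored length:    " + hash1.length());

        // 3. The custom encoder verifies the same hashes but refuses an unmigrated row.
        PasswordEncoder strict = new StrictBCryptEncoder();
        System.out.println("strict 12345 vs hash1: " + strict.matches("12345", hash1));
        try {
            strict.matches("54321", "54321");
        } catch (IllegalStateException e) {
            System.out.println("strict rejected: " + e.getMessage());
        }
    }
}
```

Running the class shows the first check returning false with the WARN line from BCryptPasswordEncoder in the log, two different 60-character strings starting with "$2a$10$" that both verify against 12345 and neither against 54321, and the strict encoder throwing on the plain-text row. Generating the hash locally with encode() is preferable to the website step in the lecture: the plain-text password never leaves the machine, and the strength used matches the bean the application actually verifies with.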