In this short blog I will show a small change in configuration which will persist password in spring org.springframework.security.core.Authentication object.
It is not best practice to keep password in object after authenticating the user, but in case if you want to persist the password then following is the code which needs to be added in spring application configuration.
For the "authentication-manager" tag you need to add "erase-credentials" attribute and set the value to false. Below is code snippet:
It is not best practice to keep password in object after authenticating the user, but in case if you want to persist the password then following is the code which needs to be added in spring application configuration.
For the "authentication-manager" tag you need to add "erase-credentials" attribute and set the value to false. Below is code snippet:
<security:authentication-manager erase-credentials="false"> <security:authentication-provider ref="AuthenticationProvider"/> </security:authentication-manager>Hope this will be useful.
No comments:
Post a Comment