StandardPasswordEncoderは非推奨

Deprecated.
Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use DelegatingPasswordEncoder which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.

DelegatingPasswordEncoderを使用する場合は、下記の通り。

@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class WebSecurityConfig {

    @Bean
    public PasswordEncoder passwordEncoder() {
        // デフォルトはbcrypt
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

又は、

<bean id="passwordEncoder" class="org.springframework.security.crypto.factory.PasswordEncoderFactories" factory-method="createDelegatingPasswordEncoder" />

コメントを残す

メールアドレスが公開されることはありません。 が付いている欄は必須項目です