You can just return the hashed password as a String. No need to return the plain password. In fact no one would expect you to.

There’s a lot of Spring magic going on behind the scenes here and there is a default password encoder/decoder, e.g. you can get a password encoder with PasswordEncoderFactories.createDelegatingPasswordEncoder(), which also has more custom options. When a user is logging in, the hashed password that is returned from UserDetails.getPassword() would be compared with the hashed version of the password that the user used to log in.

I’m not overly familiar with mysql datatypes but if you let Spring JPA manage your user entity and it has a password field that is encoded with this PasswordEncoderFactories.createDelegatingPasswordEncoder() and then saved as a String, the data type in the database would just be a varchar or whatever the type is called in MySql. This password encoder uses BCrypt by default but you can also configure it to use different hashing algorithms.

CLICK HERE to find out more related problems solutions.

Leave a Comment

Your email address will not be published.

Scroll to Top