Address weak crypto issues
[ccsdk/apps.git] / ms / vlantag-api / src / main / java / org / onap / ccsdk / apps / ms / vlantagapi / core / ApplicationSecurityConfig.java
index bd0abe6..80c42fb 100644 (file)
@@ -29,6 +29,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.http.SessionCreationPolicy;\r
 import org.springframework.security.core.userdetails.User;\r
 import org.springframework.security.core.userdetails.UserDetails;\r
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;\r
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;\r
 import org.springframework.security.crypto.password.PasswordEncoder;\r
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;\r
@@ -51,7 +52,8 @@ public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter{
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {\r
                List<UserDetails> userDetails = new ArrayList<>();\r
                \r
-               PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();\r
+               // Explicitly set bcrypt password encoder rather than using default\r
+               PasswordEncoder encoder = new BCryptPasswordEncoder();\r
        final User.UserBuilder userBuilder = User.builder().passwordEncoder(encoder::encode);\r
 \r
                String authString = environment.getProperty("application.authToken");\r
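Review bot: Passwords encoded through `encoder::encode` on the `userBuilder` line no longer carry the `{bcrypt}` id prefix that the delegating encoder wrote, so the matching side has to use the same `BCryptPasswordEncoder`. If the rest of `configure`, which continues outside this hunk, leaves the authentication manager on Spring Security's default delegating encoder, stored hashes without a prefix would be rejected with an unmapped-id error and every login would fail. I would confirm that the chain on `auth` ends with `.passwordEncoder(encoder)`, or that a `PasswordEncoder` bean of this type is exposed, and add a test that authenticates with the configured token. The new comment could also say why the default is avoided, e.g. `// Pin bcrypt so the hash algorithm cannot change with the framework's delegating default`, and the `PasswordEncoderFactories` import looks unused after this change.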