PasswordEncoderFactories.createDelegatingPasswordEncoder() is creating the wrong key for LdapShaPasswordEncoder(). Additionally, DelegatingPasswordEncoder removes the {SHA} prefix before calling LdapShaPasswordEncoder.matches(), which expects it.
Actual Behavior
PasswordEncoderFactories.createDelegatingPasswordEncoder() creates LdapShaPasswordEncoder() with the key ldap, but LdapShaPasswordEncoder() internally expects the encoded password to start with SHA or SSHA.
LdapShaPasswordEncoder.matches() expects the encoded key to start with the prefix {SHA}; however, DelegatingPasswordEncoder.matches() removes the prefix before calling LdapShaPasswordEncoder.
Expected Behavior
LdapShaPasswordEncoder() must accept ldap as a prefix, or PasswordEncoderFactories.createDelegatingPasswordEncoder() must instantiate LdapShaPasswordEncoder() with the key SHA.
DelegatingPasswordEncoder.matches() doesn't remove the prefix, or LdapShaPasswordEncoder() doesn't expect it internally.
Configuration
build.gradle
    compile('org.springframework.boot:spring-boot-starter-data-ldap')
    compile('org.springframework.boot:spring-boot-starter-security')
    compile('org.springframework:spring-jdbc')
    compile('org.springframework.session:spring-session-core')
    compile("org.springframework.ldap:spring-ldap-core")
    compile("org.springframework.security:spring-security-ldap")
    compile("org.springframework:spring-tx")
    compile("com.unboundid:unboundid-ldapsdk")
code
    DelegatingPasswordEncoder delegatingPasswordEncoder =
        (DelegatingPasswordEncoder) PasswordEncoderFactories.createDelegatingPasswordEncoder();
    delegatingPasswordEncoder.setDefaultPasswordEncoderForMatches(NoOpPasswordEncoder.getInstance());
Version
springBootVersion = '2.0.1.RELEASE'
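
The prefix handling described in this report can be reproduced with the small program below. It is an added example, not code from the reporter or from the Spring Security project. It assumes the Spring Security version pulled in by the Spring Boot release above is on the classpath; the class name LdapPrefixDemo, the helper check() and the sample password are hypothetical.

```java
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.LdapShaPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@SuppressWarnings("deprecation") // LdapShaPasswordEncoder and NoOpPasswordEncoder are deprecated
public class LdapPrefixDemo {

    public static void main(String[] args) {
        // Same setup as in the report: unmapped ids fall back to a plain-text comparison.
        DelegatingPasswordEncoder delegating =
            (DelegatingPasswordEncoder) PasswordEncoderFactories.createDelegatingPasswordEncoder();
        delegating.setDefaultPasswordEncoderForMatches(NoOpPasswordEncoder.getInstance());

        String raw = "constructed-sample-password"; // constructed test value, not from the report

        // LdapShaPasswordEncoder.encode() produces the LDAP form "{SSHA}<base64>".
        String ldapValue = new LdapShaPasswordEncoder().encode(raw);

        // Case 1: value stored exactly as LDAP holds it.
        // DelegatingPasswordEncoder reads "SSHA" as the encoder id; the factory only
        // registers "ldap", so the default encoder for matches (NoOp here) is used.
        check(delegating, "bare LDAP value", raw, ldapValue);

        // Case 2: outer "{ldap}" id in front of the full LDAP value.
        // The delegating encoder strips only the first "{...}" and hands
        // "{SSHA}<base64>" to LdapShaPasswordEncoder.matches().
        check(delegating, "{ldap} + LDAP value", raw, "{ldap}" + ldapValue);

        // Case 3: "{ldap}" in front of the hash with the {SSHA} marker removed.
        // After stripping, the delegate receives no {SHA}/{SSHA} marker at all.
        String hashOnly = ldapValue.substring(ldapValue.indexOf('}') + 1);
        check(delegating, "{ldap} + hash only", raw, "{ldap}" + hashOnly);
    }

    // Prints the stored form and whether the delegating encoder accepts the raw password.
    static void check(PasswordEncoder encoder, String label, String raw, String stored) {
        System.out.println(label + " [" + stored + "] -> matches=" + encoder.matches(raw, stored));
    }
}
```

Running it against a given Spring Security version shows which stored formats that version's DelegatingPasswordEncoder accepts for LDAP SHA/SSHA values.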