In the last Spring Security form login example, the password was stored in clear text, which leaves it vulnerable if the credential store is ever exposed. In practice, always hash passwords before storing them. Spring Security supports the following hashing algorithms: plaintext.
There are many standard algorithms, such as SHA or MD5, which combined with a proper salt can be a choice for password encoding. Spring Security provides BCryptPasswordEncoder, an implementation of Spring's PasswordEncoder interface that uses the BCrypt strong hashing function to encode the password.
Note: By default, the username for a Spring Security based application is "user", and the password is printed in your console log after the text "Using generated security password: <your-password>".
Besides the above, what is the use of BCryptPasswordEncoder? As per Wikipedia, bcrypt is a password hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher. Bcrypt uses an adaptive hashing algorithm to store passwords: its cost factor can be raised over time so that hashing stays slow for an attacker as hardware gets faster.
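The following is an added example (not code from the original article) showing how BCryptPasswordEncoder is used for the salted, adaptive hashing described above. It assumes the spring-security-crypto dependency is on the classpath; the strength value and the sample password are constructed for illustration.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class BcryptDemo {

    // Cost factor (log2 of the number of rounds). 10 is Spring's default;
    // 12 is an assumed value chosen here to show the adaptive work factor.
    private static final int STRENGTH = 12;

    // In a real application this method would be a @Bean in a @Configuration
    // class, so Spring Security uses it for every password check at login.
    public static PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(STRENGTH);
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = passwordEncoder();
        String rawPassword = "correct horse battery staple"; // constructed sample

        // Every encode() call generates a fresh random salt, so the same password
        // produces a different stored string each time. Only this string (never the
        // raw password) is persisted, in the form $2a$<cost>$<salt><hash>.
        String stored1 = encoder.encode(rawPassword);
        String stored2 = encoder.encode(rawPassword);
        System.out.println("stored1 = " + stored1);
        System.out.println("stored2 = " + stored2);
        System.out.println("identical despite same input? " + stored1.equals(stored2));

        // Verification: bcrypt reads the salt and cost back out of the stored string,
        // re-hashes the candidate and compares, so no separate salt column is needed.
        System.out.println("correct password accepted: " + encoder.matches(rawPassword, stored1));
        System.out.println("wrong password accepted:   " + encoder.matches("Tr0ub4dor&3", stored1));

        // Adaptive cost in practice: a hash made with a lower cost than the encoder's
        // current STRENGTH is reported as needing an upgrade, so it can be re-hashed
        // on the user's next successful login.
        String legacyHash = new BCryptPasswordEncoder(10).encode(rawPassword);
        System.out.println("legacy hash should be re-hashed: " + encoder.upgradeEncoding(legacyHash));
    }
}
```

Because BCryptPasswordEncoder stores the cost inside the hash, raising STRENGTH later does not break existing logins; old hashes keep verifying and are flagged by upgradeEncoding() for migration.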