Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

Java Final Touches and Security Considerations

Posted by lio1986
lio1986
19,649 Points

After entering the hashed version of the password in the sql file it won't allow me to log in again.

I rewatched the video, however I did not find any difference to Chris' code....

When I enter 'password' it shows the false loing credentials flash message and I get following error in the console:

2018-01-20 12:59:57.587  INFO 16337 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring FrameworkServlet 'dispatcherServlet'
2018-01-20 12:59:57.587  INFO 16337 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization started
2018-01-20 12:59:57.610  INFO 16337 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization completed in 22 ms
Hibernate: 
    select
        user0_.id as id1_2_,
        user0_.enabled as enabled2_2_,
        user0_.password as password3_2_,
        user0_.role_id as role_id5_2_,
        user0_.username as username4_2_ 
    from
        User user0_ 
    where
        user0_.username=?
Hibernate: 
    select
        role0_.id as id1_0_0_,
        role0_.name as name2_0_0_ 
    from
        Role role0_ 
    where
        role0_.id=?
2018-01-20 13:00:02.291  WARN 16337 --- [nio-8080-exec-7] o.s.s.c.bcrypt.BCryptPasswordEncoder     : Encoded password does not look like BCrypt

I used the same site to generate the hash as Chris.

Anyone else having the same problem?

Andrey Serebryanskiy
Andrey Serebryanskiy
5,756 Points
Andrey Serebryanskiy
Andrey Serebryanskiy
5,756 Points

I'm having the same problem. Tried another sites and nothing changed. However, with this '$2a$08$wgwoMKfYl5AUE9QtP4OjheNkkSDoqDmFGjjPE2XTPLDe9xso/hy7u' hash from video everything works fine. May be we have old release of spring security and it doesn't recognise new version of the encoding?

Sam Millington
Sam Millington
7,537 Points
Sam Millington
Sam Millington
7,537 Points

I just hit the same issue. As Bryan Dobberstein suggested, finding a website that allows you to manually select the strength or rounds of the encryption corrects it.

1 Answer

Bryan Dobberstein
Bryan Dobberstein
16,361 Points
Bryan Dobberstein
Bryan Dobberstein
16,361 Points

The site he uses doesn't seem to be generating a correct hash. I found a different site that allowed me to manually set the strength to 10 to match the code and the hash I got there worked.