How to use salt from a database field in Spring Security

I am using spring-security-3.1.0 with spring-framework-3.0.6. I use salt to test the security of the login. But the problem with salt in salt is the source. if i use beans: property name = "userPropertyToUse" value = "username" then everything is fine but the problem is <beans:property name="userPropertyToUse" value="lalt">

even hardcoded I have configured all the necessary configuration for "salt"

. It is throwing this message Cannot find salt method on user object. Is the class "" has a method or getter named "salt"?

My spring-security.xml looks like this

<beans:bean id="saltSource" class="">
    <beans:property name="userPropertyToUse" value="salt" />
<beans:bean id="passwordEncoder" class=""/>

<beans:bean id="loggerListener" class="" /> 

    <authentication-provider user-service-ref="jdbcUserService">
        <password-encoder ref="passwordEncoder">
            <salt-source ref="saltSource"/>

<beans:bean id="jdbcUserService" class="controllers.CustomJdbcDaoImpl">
    <beans:property name="dataSource" ref="dataSource"/>
    <beans:property name="usersByUsernameQuery">
        <beans:value>SELECT U.userid AS username, 
            U.userpassword as password, 
            'true' AS enabled,
            U.userpasswordsalt AS salt 
            FROM users U WHERE U.userid=?
    <beans:property name="authoritiesByUsernameQuery">
        <beans:value>SELECT U.userid AS username,
            U.userrole as authority 
            FROM users U 
            WHERE U.userid=?


My for salt

public class CustomJdbcDaoImpl extends JdbcDaoImpl {
    protected List<UserDetails> loadUsersByUsername(String username) {
        return getJdbcTemplate().query(getUsersByUsernameQuery(),new String[] {username},
            new RowMapper<UserDetails>() {
                public UserDetails mapRow(ResultSet rs, int rowNum)throws SQLException {
                    String username = rs.getString(1);
                    String password = rs.getString(2);
                    boolean enabled = rs.getBoolean(3);
                    String salt = rs.getString(4);
                    System.out.println("CustomJdbcDaoImpl Salt : "+salt);
                    return new SaltedUser(username, password,enabled, true, true, true,AuthorityUtils.NO_AUTHORITIES, salt);


And My

public class SaltedUser extends User{
    private String salt;
    public SaltedUser(String username, String password,boolean enabled,
            boolean accountNonExpired, boolean credentialsNonExpired,
            boolean accountNonLocked, List<GrantedAuthority>authorities, String salt) {
        super(username, password, enabled,accountNonExpired, credentialsNonExpired,accountNonLocked, authorities);
        this.salt = salt;
        System.out.println("SaltedUser Salt : "+salt);

    public String getSalt() {
        return salt;

    public void setSalt(String salt) {
        this.salt = salt;


Anyone can help me ....?


source to share

1 answer

You need to override the method createUserDetails

that creates the final implementation UserDetails

returned by the class. Take a look at the source JdbcDaoImpl


Note that if you are not building this for a legacy system that already has a password hashing system installed, using something like BCrypt to encode your passwords would be a simpler and easier option.



All Articles