BAEL-3091: The Prototype Pattern in Java (changed code based on valid comments from a reader)

2019-10-29 22:27:15 +05:30
parent db85c8f275
commit d3d5b060e7
20517 changed files with 1642290 additions and 0 deletions
@@ -0,0 +1,32 @@
+package com.baeldung.dsl;
+
+import java.util.List;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
+
+public class ClientErrorLoggingConfigurer extends AbstractHttpConfigurer<ClientErrorLoggingConfigurer, HttpSecurity> {
+
+    private List<HttpStatus> errorCodes;
+
+    public ClientErrorLoggingConfigurer(List<HttpStatus> errorCodes) {
+        this.errorCodes = errorCodes;
+    }
+
+    public ClientErrorLoggingConfigurer() {
+
+    }
+
+    @Override
+    public void init(HttpSecurity http) throws Exception {
+        // initialization code
+    }
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        http.addFilterAfter(new ClientErrorLoggingFilter(errorCodes), FilterSecurityInterceptor.class);
+    }
+
+}
@@ -0,0 +1,57 @@
+package com.baeldung.dsl;
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.GenericFilterBean;
+
+public class ClientErrorLoggingFilter extends GenericFilterBean {
+
+    private static final Logger logger = LogManager.getLogger(ClientErrorLoggingFilter.class);
+
+    private List<HttpStatus> errorCodes;
+
+    public ClientErrorLoggingFilter(List<HttpStatus> errorCodes) {
+        this.errorCodes = errorCodes;
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+
+        Authentication auth = SecurityContextHolder.getContext()
+            .getAuthentication();
+
+        if (auth == null) {
+            chain.doFilter(request, response);
+            return;
+        }
+        int status = ((HttpServletResponse) response).getStatus();
+        if (status < 400 || status >= 500) {
+            chain.doFilter(request, response);
+            return;
+        }
+
+        if (errorCodes == null) {
+            logger.debug("User " + auth.getName() + " encountered error " + status);
+        } else {
+            if (errorCodes.stream()
+                .anyMatch(s -> s.value() == status)) {
+                logger.debug("User " + auth.getName() + " encountered error " + status);
+            }
+        }
+
+        chain.doFilter(request, response);
+    }
+
+}
@@ -0,0 +1,13 @@
+package com.baeldung.dsl;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class CustomConfigurerApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(CustomConfigurerApplication.class, args);
+    }
+
+}
@@ -0,0 +1,14 @@
+package com.baeldung.dsl;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class MyController {
+
+    @GetMapping("/admin")
+    public String getAdminPage() {
+        return "Hello Admin";
+    }
+
+}
@@ -0,0 +1,50 @@
+package com.baeldung.dsl;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+            .antMatchers("/admin*")
+            .hasAnyRole("ADMIN")
+            .anyRequest()
+            .authenticated()
+            .and()
+            .formLogin()
+            .and()
+            .apply(clientErrorLogging());
+    }
+
+    @Bean
+    public ClientErrorLoggingConfigurer clientErrorLogging() {
+        return new ClientErrorLoggingConfigurer();
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.inMemoryAuthentication()
+            .passwordEncoder(passwordEncoder())
+            .withUser("user1")
+            .password(passwordEncoder().encode("user"))
+            .roles("USER")
+            .and()
+            .withUser("admin")
+            .password(passwordEncoder().encode("admin"))
+            .roles("ADMIN");
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+}
@@ -0,0 +1,14 @@
+package com.baeldung.inmemory;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class InMemoryAuthApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(InMemoryAuthApplication.class, args);
+    }
+
+
+}
@@ -0,0 +1,21 @@
+package com.baeldung.inmemory;
+
+import java.util.Arrays;
+import java.util.List;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class InMemoryAuthController {
+
+    @GetMapping("/public/hello")
+    public List<String> publicHello() {
+        return Arrays.asList("Hello", "World", "from", "Public");
+    }
+
+    @GetMapping("/private/hello")
+    public List<String> privateHello() {
+        return Arrays.asList("Hello", "World", "from", "Private");
+    }
+
+}
@@ -0,0 +1,34 @@
+package com.baeldung.inmemory;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class InMemoryAuthWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();        
+        auth.inMemoryAuthentication()
+            .passwordEncoder(encoder)
+            .withUser("spring")
+            .password(encoder.encode("secret"))            
+            .roles("USER");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+            .antMatchers("/private/**")
+            .authenticated()
+            .antMatchers("/public/**")
+            .permitAll()
+            .and()
+            .httpBasic();
+    }
+
+}
@@ -0,0 +1,50 @@
+package com.baeldung.loginextrafieldscustom;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+public class CustomAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
+
+    public static final String SPRING_SECURITY_FORM_DOMAIN_KEY = "domain";
+
+    @Override
+    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) 
+        throws AuthenticationException {
+
+        if (!request.getMethod().equals("POST")) {
+            throw new AuthenticationServiceException("Authentication method not supported: " 
+              + request.getMethod());
+        }
+
+        CustomAuthenticationToken authRequest = getAuthRequest(request);
+        setDetails(request, authRequest);
+        return this.getAuthenticationManager().authenticate(authRequest);
+    }
+
+    private CustomAuthenticationToken getAuthRequest(HttpServletRequest request) {
+        String username = obtainUsername(request);
+        String password = obtainPassword(request);
+        String domain = obtainDomain(request);
+
+        if (username == null) {
+            username = "";
+        }
+        if (password == null) {
+            password = "";
+        }
+        if (domain == null) {
+            domain = "";
+        }
+
+        return new CustomAuthenticationToken(username, password, domain);
+    }
+
+    private String obtainDomain(HttpServletRequest request) {
+        return request.getParameter(SPRING_SECURITY_FORM_DOMAIN_KEY);
+    }
+}
@@ -0,0 +1,28 @@
+package com.baeldung.loginextrafieldscustom;
+
+import java.util.Collection;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+
+public class CustomAuthenticationToken extends UsernamePasswordAuthenticationToken {
+
+    private String domain;
+
+    public CustomAuthenticationToken(Object principal, Object credentials, String domain) {
+        super(principal, credentials);
+        this.domain = domain;
+        super.setAuthenticated(false);
+    }
+
+    public CustomAuthenticationToken(Object principal, Object credentials, String domain, 
+        Collection<? extends GrantedAuthority> authorities) {
+        super(principal, credentials, authorities);
+        this.domain = domain;
+        super.setAuthenticated(true); // must use super, as we override
+    }
+
+    public String getDomain() {
+        return this.domain;
+    }
+}
@@ -0,0 +1,92 @@
+package com.baeldung.loginextrafieldscustom;
+
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.InternalAuthenticationServiceException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.util.Assert;
+
+public class CustomUserDetailsAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
+
+    /**
+     * The plaintext password used to perform
+     * PasswordEncoder#matches(CharSequence, String)}  on when the user is
+     * not found to avoid SEC-2056.
+     */
+    private static final String USER_NOT_FOUND_PASSWORD = "userNotFoundPassword";
+
+    private PasswordEncoder passwordEncoder;
+    private CustomUserDetailsService userDetailsService;
+
+    /**
+     * The password used to perform
+     * {@link PasswordEncoder#matches(CharSequence, String)} on when the user is
+     * not found to avoid SEC-2056. This is necessary, because some
+     * {@link PasswordEncoder} implementations will short circuit if the password is not
+     * in a valid format.
+     */
+    private String userNotFoundEncodedPassword;
+
+    public CustomUserDetailsAuthenticationProvider(PasswordEncoder passwordEncoder, CustomUserDetailsService userDetailsService) {
+        this.passwordEncoder = passwordEncoder;
+        this.userDetailsService = userDetailsService;
+    }
+
+    @Override
+    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) 
+        throws AuthenticationException {
+
+        if (authentication.getCredentials() == null) {
+            logger.debug("Authentication failed: no credentials provided");
+            throw new BadCredentialsException(
+                messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
+        }
+
+        String presentedPassword = authentication.getCredentials()
+            .toString();
+
+        if (!passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
+            logger.debug("Authentication failed: password does not match stored value");
+            throw new BadCredentialsException(
+                messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
+        }
+    }
+
+    @Override
+    protected void doAfterPropertiesSet() throws Exception {
+        Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
+        this.userNotFoundEncodedPassword = this.passwordEncoder.encode(USER_NOT_FOUND_PASSWORD);
+    }
+
+    @Override
+    protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) 
+        throws AuthenticationException {
+        CustomAuthenticationToken auth = (CustomAuthenticationToken) authentication;
+        UserDetails loadedUser;
+
+        try {
+            loadedUser = this.userDetailsService.loadUserByUsernameAndDomain(auth.getPrincipal()
+                .toString(), auth.getDomain());
+        } catch (UsernameNotFoundException notFound) {
+            if (authentication.getCredentials() != null) {
+                String presentedPassword = authentication.getCredentials()
+                    .toString();
+                passwordEncoder.matches(presentedPassword, userNotFoundEncodedPassword);
+            }
+            throw notFound;
+        } catch (Exception repositoryProblem) {
+            throw new InternalAuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem);
+        }
+
+        if (loadedUser == null) {
+            throw new InternalAuthenticationServiceException("UserDetailsService returned null, "
+                + "which is an interface contract violation");
+        }
+        return loadedUser;
+    }
+
+}
@@ -0,0 +1,10 @@
+package com.baeldung.loginextrafieldscustom;
+
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+public interface CustomUserDetailsService {
+
+    UserDetails loadUserByUsernameAndDomain(String username, String domain) throws UsernameNotFoundException;
+
+}
@@ -0,0 +1,30 @@
+package com.baeldung.loginextrafieldscustom;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+@Service("userDetailsService")
+public class CustomUserDetailsServiceImpl implements CustomUserDetailsService {
+
+    private UserRepository userRepository;
+ 
+    public CustomUserDetailsServiceImpl(UserRepository userRepository) {
+        this.userRepository = userRepository;
+    }
+
+    @Override
+    public UserDetails loadUserByUsernameAndDomain(String username, String domain) throws UsernameNotFoundException {
+        if (StringUtils.isAnyBlank(username, domain)) {
+            throw new UsernameNotFoundException("Username and domain must be provided");
+        }
+        User user = userRepository.findUser(username, domain);
+        if (user == null) {
+            throw new UsernameNotFoundException(
+                String.format("Username not found for domain, username=%s, domain=%s", 
+                    username, domain));
+        }
+        return user;
+    }
+}
@@ -0,0 +1,26 @@
+package com.baeldung.loginextrafieldscustom;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.stereotype.Repository;
+
+@Repository("userRepository")
+public class CustomUserRepository implements UserRepository {
+
+    @Override
+    public User findUser(String username, String domain) {
+        if (StringUtils.isAnyBlank(username, domain)) {
+            return null;
+        } else {
+            Collection<? extends GrantedAuthority> authorities = new ArrayList<>();
+            User user =  new User(username, domain, 
+                "$2a$10$U3GhSMpsMSOE8Kqsbn58/edxDBKlVuYMh7qk/7ErApYFjJzi2VG5K", true, 
+                true, true, true, authorities);
+            return user;
+        }
+    }
+
+}
@@ -0,0 +1,13 @@
+package com.baeldung.loginextrafieldscustom;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class ExtraLoginFieldsApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(ExtraLoginFieldsApplication.class, args);
+    }
+
+}
@@ -0,0 +1,62 @@
+package com.baeldung.loginextrafieldscustom;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@EnableWebSecurity
+@PropertySource("classpath:/application-extrafields.properties")
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    private CustomUserDetailsService userDetailsService;
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        
+        http
+            .addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
+            .authorizeRequests()
+                .antMatchers("/css/**", "/index").permitAll()
+                .antMatchers("/user/**").authenticated()
+            .and()
+            .formLogin().loginPage("/login")
+            .and()
+            .logout()
+            .logoutUrl("/logout");
+    }
+
+    public CustomAuthenticationFilter authenticationFilter() throws Exception {
+        CustomAuthenticationFilter filter = new CustomAuthenticationFilter();
+        filter.setAuthenticationManager(authenticationManagerBean());
+        filter.setAuthenticationFailureHandler(failureHandler());
+        return filter;
+    }
+
+    @Autowired
+    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+        auth.authenticationProvider(authProvider());
+    }
+
+    public AuthenticationProvider authProvider() {
+        CustomUserDetailsAuthenticationProvider provider 
+            = new CustomUserDetailsAuthenticationProvider(passwordEncoder(), userDetailsService);
+        return provider;
+    }
+
+    public SimpleUrlAuthenticationFailureHandler failureHandler() {
+        return new SimpleUrlAuthenticationFailureHandler("/login?error=true");
+    }
+
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}
@@ -0,0 +1,23 @@
+package com.baeldung.loginextrafieldscustom;
+
+import java.util.Collection;
+
+import org.springframework.security.core.GrantedAuthority;
+
+public class User extends org.springframework.security.core.userdetails.User {
+
+    private static final long serialVersionUID = 1L;
+
+    private String domain;
+
+    public User(String username, String domain, String password, boolean enabled, 
+        boolean accountNonExpired, boolean credentialsNonExpired, 
+        boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
+        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
+        this.domain = domain;
+    }
+
+    public String getDomain() {
+        return domain;
+    }
+}
@@ -0,0 +1,7 @@
+package com.baeldung.loginextrafieldscustom;
+
+public interface UserRepository {
+
+    public User findUser(String username, String domain);
+    
+}
@@ -0,0 +1,51 @@
+package com.baeldung.loginextrafieldscustom;
+
+import java.util.Optional;
+
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+public class WebController {
+
+    @RequestMapping("/")
+    public String root() {
+        return "redirect:/index";
+    }
+
+    @RequestMapping("/index")
+    public String index(Model model) {
+        getDomain().ifPresent(d -> {
+            model.addAttribute("domain", d);
+        });
+        return "index";
+    }
+
+    @RequestMapping("/user/index")
+    public String userIndex(Model model) {
+        getDomain().ifPresent(d -> {
+            model.addAttribute("domain", d);
+        });
+        return "user/index";
+    }
+
+    @RequestMapping("/login")
+    public String login() {
+        return "login";
+    }
+
+    private Optional<String> getDomain() {
+        Authentication auth = SecurityContextHolder.getContext()
+            .getAuthentication(); 
+        String domain = null;
+        if (auth != null && !auth.getClass().equals(AnonymousAuthenticationToken.class)) {
+            User user = (User) auth.getPrincipal();
+            domain = user.getDomain();
+        }
+        return Optional.ofNullable(domain);
+    }
+}
@@ -0,0 +1,13 @@
+package com.baeldung.loginextrafieldssimple;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class ExtraLoginFieldsApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(ExtraLoginFieldsApplication.class, args);
+    }
+
+}
@@ -0,0 +1,65 @@
+package com.baeldung.loginextrafieldssimple;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@EnableWebSecurity
+@PropertySource("classpath:/application-extrafields.properties")
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    private UserDetailsService userDetailsService;
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        
+        http
+            .addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
+            .authorizeRequests()
+                .antMatchers("/css/**", "/index").permitAll()
+                .antMatchers("/user/**").authenticated()
+            .and()
+            .formLogin().loginPage("/login")
+            .and()
+            .logout()
+            .logoutUrl("/logout");
+    }
+
+    public SimpleAuthenticationFilter authenticationFilter() throws Exception {
+        SimpleAuthenticationFilter filter = new SimpleAuthenticationFilter();
+        filter.setAuthenticationManager(authenticationManagerBean());
+        filter.setAuthenticationFailureHandler(failureHandler());
+        return filter;
+    }
+
+    @Autowired
+    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+        auth.authenticationProvider(authProvider());
+    }
+
+    public AuthenticationProvider authProvider() {
+        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
+        provider.setUserDetailsService(userDetailsService);
+        provider.setPasswordEncoder(passwordEncoder());
+        return provider;
+    }
+
+    public SimpleUrlAuthenticationFailureHandler failureHandler() {
+        return new SimpleUrlAuthenticationFailureHandler("/login?error=true");
+    }
+
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}
@@ -0,0 +1,54 @@
+package com.baeldung.loginextrafieldssimple;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+public class SimpleAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
+
+    public static final String SPRING_SECURITY_FORM_DOMAIN_KEY = "domain";
+
+    @Override
+    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) 
+        throws AuthenticationException {
+
+        if (!request.getMethod()
+            .equals("POST")) {
+            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
+        }
+
+        UsernamePasswordAuthenticationToken authRequest = getAuthRequest(request);
+        setDetails(request, authRequest);
+        return this.getAuthenticationManager()
+            .authenticate(authRequest);
+    }
+
+    private UsernamePasswordAuthenticationToken getAuthRequest(HttpServletRequest request) {
+        String username = obtainUsername(request);
+        String password = obtainPassword(request);
+        String domain = obtainDomain(request);
+
+        if (username == null) {
+            username = "";
+        }
+        if (password == null) {
+            password = "";
+        }
+        if (domain == null) {
+            domain = "";
+        }
+
+        String usernameDomain = String.format("%s%s%s", username.trim(), 
+            String.valueOf(Character.LINE_SEPARATOR), domain);
+        return new UsernamePasswordAuthenticationToken(usernameDomain, password);        
+    }
+
+    private String obtainDomain(HttpServletRequest request) {
+        return request.getParameter(SPRING_SECURITY_FORM_DOMAIN_KEY);
+    }
+}
@@ -0,0 +1,32 @@
+package com.baeldung.loginextrafieldssimple;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+@Service("userDetailsService")
+public class SimpleUserDetailsService implements UserDetailsService {
+
+    private UserRepository userRepository;
+ 
+    public SimpleUserDetailsService(UserRepository userRepository) {
+        this.userRepository = userRepository;
+    }
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        String[] usernameAndDomain = StringUtils.split(username, String.valueOf(Character.LINE_SEPARATOR));
+        if (usernameAndDomain == null || usernameAndDomain.length != 2) {
+            throw new UsernameNotFoundException("Username and domain must be provided");
+        }
+        User user = userRepository.findUser(usernameAndDomain[0], usernameAndDomain[1]);
+        if (user == null) {
+            throw new UsernameNotFoundException(
+                String.format("Username not found for domain, username=%s, domain=%s", 
+                    usernameAndDomain[0], usernameAndDomain[1]));
+        }
+        return user;
+    }
+}
@@ -0,0 +1,26 @@
+package com.baeldung.loginextrafieldssimple;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.stereotype.Repository;
+
+@Repository("userRepository")
+public class SimpleUserRepository implements UserRepository {
+
+    @Override
+    public User findUser(String username, String domain) {
+        if (StringUtils.isAnyBlank(username, domain)) {
+            return null;
+        } else {
+            Collection<? extends GrantedAuthority> authorities = new ArrayList<>();
+            User user =  new User(username, domain, 
+                "$2a$10$U3GhSMpsMSOE8Kqsbn58/edxDBKlVuYMh7qk/7ErApYFjJzi2VG5K", true, 
+                true, true, true, authorities);
+            return user;
+        }
+    }
+
+}
@@ -0,0 +1,21 @@
+package com.baeldung.loginextrafieldssimple;
+
+import java.util.Collection;
+
+import org.springframework.security.core.GrantedAuthority;
+
+public class User extends org.springframework.security.core.userdetails.User {
+
+    private String domain;
+
+    public User(String username, String domain, String password, boolean enabled, 
+        boolean accountNonExpired, boolean credentialsNonExpired, 
+        boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
+        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
+        this.domain = domain;
+    }
+
+    public String getDomain() {
+        return domain;
+    }
+}
@@ -0,0 +1,7 @@
+package com.baeldung.loginextrafieldssimple;
+
+public interface UserRepository {
+
+    public User findUser(String username, String domain);
+    
+}
@@ -0,0 +1,51 @@
+package com.baeldung.loginextrafieldssimple;
+
+import java.util.Optional;
+
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+public class WebController {
+
+    @RequestMapping("/")
+    public String root() {
+        return "redirect:/index";
+    }
+
+    @RequestMapping("/index")
+    public String index(Model model) {
+        getDomain().ifPresent(d -> {
+            model.addAttribute("domain", d);
+        });
+        return "index";
+    }
+
+    @RequestMapping("/user/index")
+    public String userIndex(Model model) {
+        getDomain().ifPresent(d -> {
+            model.addAttribute("domain", d);
+        });
+        return "user/index";
+    }
+
+    @RequestMapping("/login")
+    public String login() {
+        return "login";
+    }
+
+    private Optional<String> getDomain() {
+        Authentication auth = SecurityContextHolder.getContext()
+            .getAuthentication(); 
+        String domain = null;
+        if (auth != null && !auth.getClass().equals(AnonymousAuthenticationToken.class)) {
+            User user = (User) auth.getPrincipal();
+            domain = user.getDomain();
+        }
+        return Optional.ofNullable(domain);
+    }
+}
@@ -0,0 +1,35 @@
+package com.baeldung.passwordstorage;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class BaeldungPasswordEncoderSetup {
+
+    private final static Logger LOG = LoggerFactory.getLogger(BaeldungPasswordEncoderSetup.class);
+
+    @Bean
+    public ApplicationListener<AuthenticationSuccessEvent> authenticationSuccessListener(final PasswordEncoder encoder) {
+
+        return (AuthenticationSuccessEvent event) -> {
+            final Authentication auth = event.getAuthentication();
+
+            if (auth instanceof UsernamePasswordAuthenticationToken && auth.getCredentials() != null) {
+
+                final CharSequence clearTextPass = (CharSequence) auth.getCredentials(); // 1
+                final String newPasswordHash = encoder.encode(clearTextPass); // 2
+
+                LOG.info("New password hash {} for user {}", newPasswordHash, auth.getName());
+
+                ((UsernamePasswordAuthenticationToken) auth).eraseCredentials(); // 3
+            }
+        };
+    }
+}
@@ -0,0 +1,13 @@
+package com.baeldung.passwordstorage;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class PasswordStorageApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(PasswordStorageApplication.class, args);
+    }
+
+}
@@ -0,0 +1,55 @@
+package com.baeldung.passwordstorage;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.crypto.password.StandardPasswordEncoder;
+import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+@Configuration
+public class PasswordStorageWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.eraseCredentials(false) // 4
+          .userDetailsService(getUserDefaultDetailsService())
+          .passwordEncoder(passwordEncoder());
+    }
+
+    @Bean
+    public UserDetailsService getUserDefaultDetailsService() {
+        return new InMemoryUserDetailsManager(User
+          .withUsername("baeldung")
+          .password("{noop}SpringSecurity5")
+          .authorities(Collections.emptyList())
+          .build());
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        // set up the list of supported encoders and their prefixes
+        PasswordEncoder defaultEncoder = new StandardPasswordEncoder();
+        Map<String, PasswordEncoder> encoders = new HashMap<>();
+        encoders.put("bcrypt", new BCryptPasswordEncoder());
+        encoders.put("scrypt", new SCryptPasswordEncoder());
+        encoders.put("noop", NoOpPasswordEncoder.getInstance());
+
+        DelegatingPasswordEncoder passwordEncoder = new DelegatingPasswordEncoder("bcrypt", encoders);
+        passwordEncoder.setDefaultPasswordEncoderForMatches(defaultEncoder);
+
+        return passwordEncoder;
+    }
+
+}