Fix Password Encoding for Default user

[rwinch]

The code in AuthenticationManagerConfiguration assumes a PasswordEncoder of NoOpPasswordEncoder which was the default of Spring Security until recently. Now the default is PasswordEncoderFactories.createDelegatingPasswordEncoder().

This is the un-tested version of the updates that should be made:

public class AuthenticationManagerConfiguration {
	private static final Log logger = LogFactory
			.getLog(AuthenticationManagerConfiguration.class);
	@Autowired(required = false)
	private PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
	@Bean
	public InMemoryUserDetailsManager inMemoryUserDetailsManager() throws Exception {
		String password = UUID.randomUUID().toString();
		logger.info(String.format("%n%nUsing default security password: %s%n", password));
		String encodedPassword = this.encoder.encode(password);
		return new InMemoryUserDetailsManager(
				User.withUsername("user").password(encodedPassword).roles().build());
	}

}

A similar change needs to be done in ReactiveAuthenticationManagerConfiguration

[wilkinsona]

Some of the samples declare their own InMemoryUserDetailsManager so they'll need to be updated too. Something like this I think:

@Bean
public InMemoryUserDetailsManager inMemoryUserDetailsManager(
        ObjectProvider<PasswordEncoder> passwordEncoder) throws Exception {
    return new InMemoryUserDetailsManager(User.withUsername("user")
            .password(passwordEncoder
                    .getIfAvailable(
                            PasswordEncoderFactories::createDelegatingPasswordEncoder)
                    .encode("password"))
            .roles("USER").build());
}

[rwinch]

@wilkinsona Thanks. Since the sample knows there is no PasswordEncoder for those I'd recommend using the following which just uses PasswordEncoderFactories::createDelegatingPasswordEncoder()

User.withDefaultPasswordEncoder().username('user").password("password").roles("USER").build()

[wilkinsona]

Thanks for the tip; that's a lot less code.

[wilkinsona]

Work in progress on getting this working again is here. The Actuator custom security sample still fails with these changes so there's more to do, although I'm not quite sure what that is just yet.