We have abilities to do this currently in Broadleaf with some configuration. We decided to keep this simple and just store plain-text. And it's actually best to use MD5 with a salt.
You can change the password encoding by adding something like this to your applicationContext-admin-security:
Code:
<!-- The BLC Admin authentication manager -->
<sec:authentication-manager alias="blAdminAuthenticationManager">
    <sec:authentication-provider user-service-ref="blAdminUserDetailsService">
        <sec:password-encoder ref="blPasswordEncoder">
            <sec:salt-source system-wide="someSalt" />
        </sec:password-encoder>
    </sec:authentication-provider>
</sec:authentication-manager>
And then adding this in your applicationContext-admin.xml:
Code:
<bean id="blPasswordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
<bean id="blAdminSecurityService" class="org.broadleafcommerce.openadmin.server.security.service.AdminSecurityServiceImpl">
    <!-- this value must match what you have in applicationContext-security -->
    <property name="salt" value="someSalt" />
</bean>
Alternatively, you can use a 'user-property' for the salt source in the password encoder rather than 'system-wide', which will prevent you from having to override the blAdminSecurityService bean. More info:
http://static.springsource.org/spring-s ... alt-source
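
Added example, not part of the original post and not Broadleaf's or Spring's own code: a Python sketch of what the 'system-wide' and 'user-property' salt sources mentioned above mean for the stored hashes, written as an audit check over an admin user table. It assumes the legacy encoder hashes the string password{salt} with MD5 and hex-encodes the result, and that the user property chosen as salt is the username; the function names and sample accounts are constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict


def legacy_md5_encode(raw_password, salt=None):
    """Hex MD5 of 'password{salt}' (assumed legacy merge format).

    With no salt the bare password is hashed.
    """
    merged = raw_password if not salt else f"{raw_password}{{{salt}}}"
    return hashlib.md5(merged.encode("utf-8")).hexdigest()


def verify(raw_password, stored_hash, salt=None):
    """Constant-time comparison of a candidate password with a stored hash."""
    candidate = legacy_md5_encode(raw_password, salt)
    return hmac.compare_digest(candidate, stored_hash.lower())


def shared_hash_groups(records):
    """records: iterable of (username, stored_hash).

    Returns sorted lists of usernames whose stored hashes are identical,
    which is what a single shared salt produces when passwords are reused.
    """
    groups = defaultdict(list)
    for username, stored in records:
        groups[stored.lower()].append(username)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


def build_table(users, system_wide=None):
    """Encode each (username, password) with the system-wide salt if given,
    otherwise with the username as a per-user salt (assumed user property)."""
    return [(u, legacy_md5_encode(p, system_wide or u)) for u, p in users]


# Constructed sample accounts: two admins happen to share a password.
USERS = [("admin", "Passw0rd!"), ("merch", "Passw0rd!"), ("csr", "different-1")]
SYSTEM_WIDE = build_table(USERS, system_wide="someSalt")
PER_USER = build_table(USERS)

if __name__ == "__main__":
    print("system-wide salt, shared hashes:", shared_hash_groups(SYSTEM_WIDE))
    print("per-user salt, shared hashes:  ", shared_hash_groups(PER_USER))
```

With the system-wide salt the two accounts that reuse a password store the same hash; with a per-user salt no two rows match.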