Using salt in Spring Security

Spring Security 3.1 provides a new cryptography module that is included in the spring-security-core module and is available separately in spring-security-crypto. The crypto module contains its own o.s.s.crypto.password.PasswordEncoder interface. In fact, using this interface is the preferred method for encoding passwords, because it will salt passwords using a random salt. At the time of this writing, there are the following three implementations of o.s.s.crypto.password.PasswordEncoder:

For those who are familiar with Spring Security 3.0, salt used to be provided using o.s.s.authentication.dao.SaltSource. While still supported, this mechanism is not demonstrated in this book, since it is not the preferred mechanism for providing salt.