
Password encoding with BCrypt in Spring Boot - Practice Problems & Coding Challenges

Challenge - 5 Problems
component_behavior
intermediate
What is the output of this BCrypt password encoding snippet?
Consider the following Spring Boot code that encodes a password using BCryptPasswordEncoder. What will be the output type and general format of the encoded password string?
Spring Boot
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class PasswordEncoderTest {
    public static void main(String[] args) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        String rawPassword = "mypassword";
        String encodedPassword = encoder.encode(rawPassword);
        System.out.println(encodedPassword);
    }
}
A. A string starting with "$2a$" or "$2b$" followed by a 60-character hash
B. A plain text password identical to the input string
C. A numeric hash value representing the password
D. A Base64 encoded string without any prefix
💡 Hint
Think about how BCrypt hashes are formatted and what the encoder outputs.
state_output
intermediate
What is the result of matching a raw password against a BCrypt hash?
Given this code snippet, what will be the output of the match check?
Spring Boot
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class PasswordMatchTest {
    public static void main(String[] args) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        String rawPassword = "secret123";
        String encodedPassword = encoder.encode(rawPassword);
        boolean matches = encoder.matches("secret123", encodedPassword);
        System.out.println(matches);
    }
}
A. Runtime exception due to invalid password format
B. true
C. Compilation error due to missing imports
D. false
💡 Hint
The matches method compares raw and encoded passwords correctly if used properly.
📝 Syntax
advanced
Which option correctly configures a BCryptPasswordEncoder bean in Spring Boot?
You want to create a BCryptPasswordEncoder bean in a Spring Boot configuration class. Which code snippet is syntactically correct and follows Spring Boot patterns?
A
@Bean
public void passwordEncoder() {
    new BCryptPasswordEncoder();
}
B
public BCryptPasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}
C
@Bean
public BCryptPasswordEncoder passwordEncoder() {
    BCryptPasswordEncoder encoder;
}
D
@Bean
public BCryptPasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}
💡 Hint
Remember that a bean method must return the bean instance and be annotated with @Bean.
🔧 Debug
advanced
Why does this password match check always return false?
Examine the code below. Why does the password match check always print false?
Spring Boot
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class PasswordCheck {
    public static void main(String[] args) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        String rawPassword = "pass123";
        String encodedPassword = encoder.encode(rawPassword);
        boolean matches = encoder.matches(rawPassword, rawPassword);
        System.out.println(matches);
    }
}
A. Because matches compares the raw password to the encoded password, but here it compares raw to raw
B. Because rawPassword is null causing NullPointerException
C. Because encode method returns null causing matches to fail
D. Because BCryptPasswordEncoder is not initialized properly
💡 Hint
Check the arguments passed to the matches method carefully.
🧠 Conceptual
expert
What is the main security benefit of using BCrypt for password encoding?
Why is BCrypt preferred over simple hashing algorithms like MD5 or SHA-1 for password encoding in Spring Boot applications?
A. BCrypt hashes can be reversed to get the original password if needed
B. BCrypt produces shorter hashes which save database space
C. BCrypt automatically salts passwords and is computationally expensive, making brute-force attacks harder
D. BCrypt uses symmetric encryption to protect passwords
💡 Hint
Think about how password hashing defends against attackers guessing passwords.

Practice

1. What is the main purpose of using BCryptPasswordEncoder in Spring Boot?
easy
A. To validate email addresses
B. To decode passwords back to plain text
C. To generate random passwords for users
D. To securely encode passwords before storing them

Solution

  1. Step 1: Understand BCryptPasswordEncoder role

    BCryptPasswordEncoder is used to convert plain passwords into a secure encoded form.
  2. Step 2: Identify correct purpose

    It does not decode or generate passwords, only encodes them securely.
  3. Final Answer:

    To securely encode passwords before storing them -> Option D
  4. Quick Check:

    Password encoding = Secure storage [OK]
Hint: BCrypt encodes, never decodes passwords [OK]
Common Mistakes:
  • Thinking BCrypt can decode passwords
  • Confusing encoding with password generation
  • Using it for unrelated tasks like email validation
2. Which of the following is the correct way to create a BCryptPasswordEncoder instance in Spring Boot?
easy
A. BCryptPasswordEncoder encoder = BCryptPasswordEncoder();
B. BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
C. BCryptPasswordEncoder encoder = new BCryptPasswordEncoder.encode();
D. BCryptPasswordEncoder encoder = encode(new BCryptPasswordEncoder());

Solution

  1. Step 1: Recall Java object creation syntax

    In Java, to create an object, use the new keyword followed by the constructor.
  2. Step 2: Match correct syntax

    BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(); correctly uses new BCryptPasswordEncoder(); to create an instance.
  3. Final Answer:

    BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(); -> Option B
  4. Quick Check:

    Object creation = new + constructor [OK]
Hint: Use 'new' keyword to create objects in Java [OK]
Common Mistakes:
  • Omitting 'new' keyword when creating objects
  • Calling methods instead of constructors
  • Incorrect method chaining in object creation
3. Given the following code snippet, what will be the output of the matches method?
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
String rawPassword = "mypassword";
String encodedPassword = encoder.encode(rawPassword);
boolean result = encoder.matches("mypassword", encodedPassword);
System.out.println(result);
medium
A. true
B. false
C. Compilation error
D. Runtime exception

Solution

  1. Step 1: Understand encode and matches methods

    The encode method creates a hashed password. The matches method checks if the raw password matches the encoded hash.
  2. Step 2: Analyze the code flow

    The raw password "mypassword" is encoded, then matches compares the same raw password with the encoded one, so it returns true.
  3. Final Answer:

    true -> Option A
  4. Quick Check:

    matches(raw, encoded) = true if same password [OK]
Hint: matches() returns true if raw matches encoded password [OK]
Common Mistakes:
  • Assuming encode returns plain text
  • Thinking matches compares encoded strings directly
  • Expecting false because encoded password looks different
4. Identify the error in the following Spring Boot code snippet for password encoding:
BCryptPasswordEncoder encoder;
String encoded = encoder.encode("secret");
medium
A. String type cannot hold encoded password
B. encode method does not exist in BCryptPasswordEncoder
C. encoder is not initialized before use
D. Missing import statement for BCryptPasswordEncoder

Solution

  1. Step 1: Check variable initialization

    The variable encoder is declared but not assigned an instance before calling encode.
  2. Step 2: Understand consequences

    Using an uninitialized object causes a NullPointerException at runtime.
  3. Final Answer:

    encoder is not initialized before use -> Option C
  4. Quick Check:

    Uninitialized objects cause runtime errors [OK]
Hint: Always initialize objects before calling methods [OK]
Common Mistakes:
  • Forgetting to create new instance with 'new'
  • Assuming declaration equals initialization
  • Ignoring runtime NullPointerException
5. You want to store user passwords securely in your Spring Boot application. Which approach correctly uses BCryptPasswordEncoder to encode and verify passwords during login?
hard
A. Encode password on registration, store encoded; on login, use matches(rawPassword, storedEncodedPassword)
B. Store plain password; on login, encode input and compare with stored plain password
C. Encode password on registration, store encoded; on login, encode input and compare encoded strings directly
D. Encode password on registration, store encoded; on login, decode stored password and compare with input

Solution

  1. Step 1: Understand secure password storage

    Passwords must be encoded before storing; plain text storage is insecure.
  2. Step 2: Verify password correctly on login

    Use matches(rawPassword, storedEncodedPassword) to check if input matches stored hash without decoding.
  3. Final Answer:

    Encode password on registration, store encoded; on login, use matches(rawPassword, storedEncodedPassword) -> Option A
  4. Quick Check:

    Use matches() to verify passwords securely [OK]
Hint: Use matches() to check raw vs encoded passwords [OK]
Common Mistakes:
  • Comparing encoded strings directly (they differ each time)
  • Storing plain text passwords
  • Trying to decode encoded passwords (not possible)
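
The registration and login flow from question 5, as an added example that is not part of the original quiz page. The class `LoginDemo`, its in-memory map and the sample credentials are hypothetical; it assumes `spring-security-crypto` is on the classpath. It puts the correct check (option A) next to the re-encode-and-compare mistake (option C) so the effect of the per-hash random salt is visible.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Added illustration: LoginDemo and USERS are hypothetical stand-ins for a user table.
public class LoginDemo {
    private static final BCryptPasswordEncoder ENCODER = new BCryptPasswordEncoder();
    private static final Map<String, String> USERS = new HashMap<>(); // username -> BCrypt hash

    // Registration: only the BCrypt hash is stored, never the raw password.
    static void register(String username, String rawPassword) {
        USERS.put(username, ENCODER.encode(rawPassword));
    }

    // Option C's mistake: encode() draws a fresh random salt on every call,
    // so a newly encoded input is a different string from the stored hash.
    static boolean loginByReEncoding(String username, String rawPassword) {
        String stored = USERS.get(username);
        return stored != null && ENCODER.encode(rawPassword).equals(stored);
    }

    // Option A: matches() reads the salt and cost embedded in the stored hash,
    // hashes the input with them, and compares the results.
    static boolean login(String username, String rawPassword) {
        String stored = USERS.get(username);
        return stored != null && ENCODER.matches(rawPassword, stored);
    }

    public static void main(String[] args) {
        register("alice", "secret123"); // constructed sample credentials

        // Two hashes of the same password, to show the salt changes per call.
        String first = ENCODER.encode("secret123");
        String second = ENCODER.encode("secret123");
        System.out.println("hash 1: " + first);
        System.out.println("hash 2: " + second);
        System.out.println("hashes equal: " + first.equals(second));
        System.out.println("both verify: "
                + (ENCODER.matches("secret123", first) && ENCODER.matches("secret123", second)));

        System.out.println("re-encode compare, correct password: "
                + loginByReEncoding("alice", "secret123"));
        System.out.println("matches(), correct password: " + login("alice", "secret123"));
        System.out.println("matches(), wrong password: " + login("alice", "secret124"));
    }
}
```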