
Password encoding with BCrypt in Spring Boot - Step-by-Step Execution

Concept Flow - Password encoding with BCrypt
1. User inputs password
2. BCryptPasswordEncoder encodes password
3. Encoded password stored securely
4. User login attempt
5. BCryptPasswordEncoder matches raw and encoded
6. If match: allow access, else deny
The flow shows how a password is encoded with BCrypt before storage and later matched during login.
Execution Sample
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(); // default strength (cost) 10
String rawPassword = "mySecret123";
String encodedPassword = encoder.encode(rawPassword);          // fresh random salt; result looks like "$2a$10$..."
boolean matches = encoder.matches("mySecret123", encodedPassword); // true: same raw password, same stored salt
This code encodes a raw password and then checks whether a raw password matches the encoded one.
Execution Table
| Step | Action | Input | Output | Notes |
|------|--------|-------|--------|-------|
| 1 | Create encoder | None | BCryptPasswordEncoder instance | Ready to encode passwords |
| 2 | Encode password | "mySecret123" | Encoded string (hash) | Password hashed with salt |
| 3 | Match password | Raw: "mySecret123", Encoded: hash | true | Raw matches encoded hash |
| 4 | Match password | Raw: "wrongPass", Encoded: hash | false | Raw does not match encoded hash |
💡 Password matching returns false when the raw password does not match the encoded hash
Variable Tracker
| Variable | Start | After Encoding | After Match True | After Match False |
|----------|-------|----------------|------------------|-------------------|
| rawPassword | "mySecret123" | "mySecret123" | "mySecret123" | "wrongPass" |
| encodedPassword | null | "$2a$10$..." | "$2a$10$..." | "$2a$10$..." |
| matches | null | null | true | false |
Key Moments - 3 Insights
Why does the encoded password look like a random string?
BCrypt generates a random salt and hashes the password together with it, so the output is a unique, unpredictable-looking string, as shown in step 2 of the execution table.
Can the encoded password be reversed to get the original password?
No, BCrypt is a one-way hash. You can only check if a raw password matches the encoded hash using the matches method, as shown in steps 3 and 4.
Why does matching fail if the raw password is different?
Because matches() re-hashes the supplied raw password with the salt embedded in the stored hash and compares the result; a different raw password produces a different hash, so the comparison fails, as seen in step 4 of the execution table.
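The execution sample and the three insights above (random salt, one-way hashing, failed match on a wrong password) as one runnable class. This is an added example, not code from the original page; it assumes spring-security-crypto is on the classpath and uses the constructed sample password "mySecret123".

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class BcryptDemo {
    // Strength 12 = 2^12 rounds; the page's sample uses the default of 10 ("$2a$10$").
    private static final BCryptPasswordEncoder ENCODER = new BCryptPasswordEncoder(12);

    // Registration: store only the returned hash, never the raw password.
    static String hashForStorage(String rawPassword) {
        return ENCODER.encode(rawPassword);
    }

    // Login: matches() reads the salt out of storedHash, re-hashes the candidate and compares.
    static boolean verifyLogin(String candidate, String storedHash) {
        if (candidate == null || storedHash == null) {
            return false; // no stored credential or empty attempt: deny
        }
        return ENCODER.matches(candidate, storedHash);
    }

    public static void main(String[] args) {
        String raw = "mySecret123"; // constructed sample password
        String hash1 = hashForStorage(raw);
        String hash2 = hashForStorage(raw);

        // Each encode draws a fresh random salt, so two hashes of the same password differ...
        System.out.println(hash1); // e.g. $2a$12$<22-char salt><31-char hash>
        System.out.println(hash2);
        System.out.println("same hash? " + hash1.equals(hash2)); // false

        // ...yet both verify, because the salt travels inside the stored hash.
        System.out.println("hash1 verifies: " + verifyLogin(raw, hash1)); // true
        System.out.println("hash2 verifies: " + verifyLogin(raw, hash2)); // true

        // A different raw password re-hashes to a different value, so the match fails.
        System.out.println("wrong password: " + verifyLogin("wrongPass", hash1)); // false

        // The version and cost are visible in the prefix: "$2a$12$" means BCrypt 2a, 2^12 rounds.
        System.out.println("cost prefix: " + hash1.substring(0, 7)); // $2a$12$
    }
}
```

Because the hash is one-way, there is no decode method anywhere in this class; verification is only ever done by re-hashing and comparing.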
Visual Quiz - 3 Questions
Test your understanding
Looking at the execution table, what is the output when encoding the password "mySecret123"?
A) A random-looking encoded string
B) The same password repeated
C) A readable plain text password
D) An error message
💡 Hint
Check step 2 in the execution table for the output of encoding.
At which step does the password matching return false?
A) Step 3
B) Step 2
C) Step 4
D) Step 1
💡 Hint
Look at the matches column in the execution table.
If the raw password changes to "newPass", what will happen to the matches variable?
A) It will be true
B) It will be false
C) It will be null
D) It will throw an exception
💡 Hint
Refer to the variable tracker and step 4 in the execution table, where a wrong password results in false.
Concept Snapshot
Use BCryptPasswordEncoder to hash passwords securely.
Encode the raw password before storing it.
Use matches() to verify a raw password against the stored hash.
Hashes include a random salt, so the output looks random and differs on every encode.
Never store raw passwords directly.
Full Transcript
This visual execution shows how Spring Boot's BCryptPasswordEncoder works. First, an encoder instance is created. Then, a raw password like "mySecret123" is encoded into a hashed string with salt. This encoded password is stored securely. Later, when a user tries to log in, the raw password they enter is checked against the stored encoded password using the matches method. If they match, access is granted; if not, access is denied. The encoded password looks like a random string because BCrypt adds salt and hashes it. This process is one-way, so you cannot get the original password back from the encoded string. Matching only returns true if the raw password is exactly correct.