svlada / springboot-security-jwt

Token-based authentication using Spring Boot and JWT.


Password encode

JingwenJessica opened this issue · comments

Hello Vladimir,

Thanks for your blog and example on spring boot / jwt.

I notice that you use "$2a$10$bnC26zz//2cavYoSCrlHdecWF8tkGfPodlHcYwlACBBwJvcEf0p2G" as the password instead of "test1234". Is this the encoded form of "test1234"? Could you explain why we need the encoded value here? How can we get it?

Thanks,
Jessica

A little late, but I hope this can help someone else.

Typically the back end of an authentication mechanism stores hashed passwords, not the passwords themselves. In this case "$2a$10$bnC26zz//2cavYoSCrlHdecWF8tkGfPodlHcYwlACBBwJvcEf0p2G" is the hash of the password "test1234". It uses the BCrypt hashing function, and if you look at the PasswordEncoderConfig class it uses an instance of BCryptPasswordEncoder, for which the default strength = 10.

You can verify this by going to an online BCrypt encoder such as this one and using 10 for the number of rounds. Note that BCrypt generates a different 60-character hash value each time it is run.
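To show the behaviour the answer above describes (fresh salt on every call, fixed 60-character output, verification via the salt embedded in the string), here is an added example using Spring Security's BCryptPasswordEncoder with the same strength the repo's PasswordEncoderConfig uses. It is not code from the springboot-security-jwt project; the class name BcryptDemo is chosen for illustration and it assumes spring-security-crypto is on the classpath. The stored hash constant is the one quoted in the issue.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class BcryptDemo {

    // Hash quoted in the issue above; checked here against the candidate password "test1234".
    static final String STORED_HASH =
            "$2a$10$bnC26zz//2cavYoSCrlHdecWF8tkGfPodlHcYwlACBBwJvcEf0p2G";

    public static void main(String[] args) {
        // Strength 10 = 2^10 key-expansion rounds, the same setting as the repo's
        // PasswordEncoderConfig and the library default.
        PasswordEncoder encoder = new BCryptPasswordEncoder(10);

        // Hashing the same password twice gives two different strings, because
        // BCrypt draws a new random 16-byte salt on every encode() call.
        String h1 = encoder.encode("test1234");
        String h2 = encoder.encode("test1234");
        System.out.println("hash 1: " + h1);
        System.out.println("hash 2: " + h2);
        System.out.println("hash strings identical? " + h1.equals(h2));
        System.out.println("hash length: " + h1.length());

        // Both still verify: matches() reads the cost and salt out of the stored
        // string and recomputes the hash, so a plain String.equals() on two
        // encode() results is never the right way to check a password.
        System.out.println("h1 matches test1234? " + encoder.matches("test1234", h1));
        System.out.println("h2 matches test1234? " + encoder.matches("test1234", h2));
        System.out.println("h1 matches wrong pw?  " + encoder.matches("wrong-password", h1));

        // Checking the hash shipped in the repo against the password from the issue.
        System.out.println("stored hash matches test1234? "
                + encoder.matches("test1234", STORED_HASH));

        // Anatomy of a modular-crypt BCrypt string: $<version>$<cost>$<22-char salt><31-char hash>
        String[] parts = h1.split("\\$");
        String saltAndHash = parts[3];
        System.out.println("version=" + parts[1]
                + " cost=" + parts[2]
                + " salt=" + saltAndHash.substring(0, 22)
                + " hash=" + saltAndHash.substring(22));
    }
}
```

Run this with the spring-security-crypto jar on the classpath (it is already a transitive dependency of a Spring Security application, so it can also be dropped into a test in the repo). Two practical notes: generate hashes locally with the encoder rather than pasting real passwords into an online tool, since the tool operator then sees the plaintext; and keep the strength in step with your hardware, raising it as machines get faster, because matches() honours the cost recorded in each stored hash, so old entries keep verifying after the configured strength changes.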