Password handling
Passwords must not be stored as plain text with the user account; a hashing function should be used to hash plain-text passwords before they are stored. During authentication, the provided password is hashed and compared with the stored password hash. Spring Security supports adaptive one-way functions such as bcrypt, PBKDF2, scrypt, and argon2, and the framework provides the respective PasswordEncoder implementations. See the official Spring documentation for more.
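The store-then-verify flow described above, as an added example that is not from the original page: it uses Spring Security's `BCryptPasswordEncoder` and also shows re-hashing an older, lower-cost hash on login. The `AccountStore` class, the in-memory map, the cost values 10 and 12 and the sample accounts are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example. AccountStore and its in-memory map are hypothetical stand-ins
// for a real user repository; needs spring-security-crypto on the classpath.
public class AccountStore {
    // bcrypt cost 12 is an assumed value; tune it to your hardware.
    private final PasswordEncoder encoder = new BCryptPasswordEncoder(12);
    private final Map<String, String> hashes = new HashMap<>();

    // Registration: only the salted hash is stored, never the plain password.
    public void register(String user, CharSequence password) {
        hashes.put(user, encoder.encode(password));
    }

    // Authentication: matches() takes salt and cost from the stored hash,
    // hashes the candidate with them and compares the results.
    public boolean authenticate(String user, CharSequence password) {
        String stored = hashes.get(user);
        if (stored == null || !encoder.matches(password, stored)) {
            return false;
        }
        // Stored hash uses a lower cost than configured: re-hash while the
        // plain password is available, so old accounts get upgraded on login.
        if (encoder.upgradeEncoding(stored)) {
            hashes.put(user, encoder.encode(password));
        }
        return true;
    }

    public static void main(String[] args) {
        AccountStore store = new AccountStore();
        String pw = "correct horse battery staple"; // constructed sample value
        store.register("alice", pw);
        // A fresh random salt per call means two hashes of one password differ,
        // so verification must go through matches(), not string equality.
        System.out.println(store.encoder.encode(pw).equals(store.hashes.get("alice")));
        System.out.println(store.authenticate("alice", pw));
        System.out.println(store.authenticate("alice", "wrong guess"));
        // Constructed legacy record hashed at cost 10, upgraded on next login.
        store.hashes.put("bob", new BCryptPasswordEncoder(10).encode(pw));
        System.out.println(store.authenticate("bob", pw));
        System.out.println(store.hashes.get("bob").startsWith("$2a$12$"));
    }
}
```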