GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Add password storage Kotlin samples to docs 

Issue gh-8172
pull/8184/head
Eleftheria Stein 6 years ago
parent
10c66d282a
commit
2c103f34e3
1 changed files with 112 additions and 8 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 120
      docs/manual/src/docs/asciidoc/_includes/about/authentication/password-storage.adoc

120
docs/manual/src/docs/asciidoc/_includes/about/authentication/password-storage.adoc
Unescape View File

@ -68,18 +68,26 @@ You can easily construct an instance of `DelegatingPasswordEncoder` using `Pass @@ -68,18 +68,26 @@ You can easily construct an instance of `DelegatingPasswordEncoder` using `Pass
.Create Default DelegatingPasswordEncoder
====
[source,java]
.Java
[source,java,role="primary"]
----
PasswordEncoder passwordEncoder =
PasswordEncoderFactories.createDelegatingPasswordEncoder();
----
.Kotlin
[source,kotlin,role="secondary"]
----
val passwordEncoder: PasswordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder()
----
====
Alternatively, you may create your own custom instance. For example:
.Create Custom DelegatingPasswordEncoder
====
[source,java]
.Java
[source,java,role="primary"]
----
String idForEncode = "bcrypt";
Map encoders = new HashMap<>();
@ -92,6 +100,20 @@ encoders.put("sha256", new StandardPasswordEncoder()); @@ -92,6 +100,20 @@ encoders.put("sha256", new StandardPasswordEncoder());
PasswordEncoder passwordEncoder =
new DelegatingPasswordEncoder(idForEncode, encoders);
----
.Kotlin
[source,kotlin,role="secondary"]
----
val idForEncode = "bcrypt"
val encoders: MutableMap<String, PasswordEncoder> = mutableMapOf()
encoders[idForEncode] = BCryptPasswordEncoder()
encoders["noop"] = NoOpPasswordEncoder.getInstance()
encoders["pbkdf2"] = Pbkdf2PasswordEncoder()
encoders["scrypt"] = SCryptPasswordEncoder()
encoders["sha256"] = StandardPasswordEncoder()
val passwordEncoder: PasswordEncoder = DelegatingPasswordEncoder(idForEncode, encoders)
----
====
[[authentication-password-storage-dpe-format]]
@ -180,7 +202,8 @@ There are convenience mechanisms to make this easier, but this is still not inte @@ -180,7 +202,8 @@ There are convenience mechanisms to make this easier, but this is still not inte
.withDefaultPasswordEncoder Example
====
[source,java,attrs="-attributes"]
.Java
[source,java,role="primary",attrs="-attributes"]
----
User user = User.withDefaultPasswordEncoder()
.username("user")
@ -190,13 +213,26 @@ User user = User.withDefaultPasswordEncoder() @@ -190,13 +213,26 @@ User user = User.withDefaultPasswordEncoder()
System.out.println(user.getPassword());
// {bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG
----
.Kotlin
[source,kotlin,role="secondary",attrs="-attributes"]
----
val user = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("user")
.build()
println(user.password)
// {bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG
----
====
If you are creating multiple users, you can also reuse the builder.
.withDefaultPasswordEncoder Reusing the Builder
====
[source,java]
.Java
[source,java,role="primary"]
----
UserBuilder users = User.withDefaultPasswordEncoder();
User user = users
@ -210,6 +246,22 @@ User admin = users @@ -210,6 +246,22 @@ User admin = users
.roles("USER","ADMIN")
.build();
----
.Kotlin
[source,kotlin,role="secondary"]
----
val users = User.withDefaultPasswordEncoder()
val user = users
.username("user")
.password("password")
.roles("USER")
.build()
val admin = users
.username("admin")
.password("password")
.roles("USER", "ADMIN")
.build()
----
====
This does hash the password that is stored, but the passwords are still exposed in memory and in the compiled source code.
@ -273,7 +325,10 @@ The `BCryptPasswordEncoder` implementation uses the widely supported https://en. @@ -273,7 +325,10 @@ The `BCryptPasswordEncoder` implementation uses the widely supported https://en.
In order to make it more resistent to password cracking, bcrypt is deliberately slow.
Like other adaptive one-way functions, it should be tuned to take about 1 second to verify a password on your system.
[source,java]
.BCryptPasswordEncoder
====
.Java
[source,java,role="primary"]
----
// Create an encoder with strength 16
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(16);
@ -281,6 +336,16 @@ String result = encoder.encode("myPassword"); @@ -281,6 +336,16 @@ String result = encoder.encode("myPassword");
assertTrue(encoder.matches("myPassword", result));
----
.Kotlin
[source,kotlin,role="secondary"]
----
// Create an encoder with strength 16
val encoder = BCryptPasswordEncoder(16)
val result: String = encoder.encode("myPassword")
assertTrue(encoder.matches("myPassword", result))
----
====
[[authentication-password-storage-argon2]]
== Argon2PasswordEncoder
@ -290,7 +355,10 @@ In order to defeat password cracking on custom hardware, Argon2 is a deliberatel @@ -290,7 +355,10 @@ In order to defeat password cracking on custom hardware, Argon2 is a deliberatel
Like other adaptive one-way functions, it should be tuned to take about 1 second to verify a password on your system.
The current implementation if the `Argon2PasswordEncoder` requires BouncyCastle.
[source,java]
.Argon2PasswordEncoder
====
.Java
[source,java,role="primary"]
----
// Create an encoder with all the defaults
Argon2PasswordEncoder encoder = new Argon2PasswordEncoder();
@ -298,6 +366,16 @@ String result = encoder.encode("myPassword"); @@ -298,6 +366,16 @@ String result = encoder.encode("myPassword");
assertTrue(encoder.matches("myPassword", result));
----
.Kotlin
[source,kotlin,role="secondary"]
----
// Create an encoder with all the defaults
val encoder = Argon2PasswordEncoder()
val result: String = encoder.encode("myPassword")
assertTrue(encoder.matches("myPassword", result))
----
====
[[authentication-password-storage-pbkdf2]]
== Pbkdf2PasswordEncoder
@ -306,7 +384,10 @@ In order to defeat password cracking PBKDF2 is a deliberately slow algorithm. @@ -306,7 +384,10 @@ In order to defeat password cracking PBKDF2 is a deliberately slow algorithm.
Like other adaptive one-way functions, it should be tuned to take about 1 second to verify a password on your system.
This algorithm is a good choice when FIPS certification is required.
[source,java]
.Pbkdf2PasswordEncoder
====
.Java
[source,java,role="primary"]
----
// Create an encoder with all the defaults
Pbkdf2PasswordEncoder encoder = new Pbkdf2PasswordEncoder();
@ -314,6 +395,16 @@ String result = encoder.encode("myPassword"); @@ -314,6 +395,16 @@ String result = encoder.encode("myPassword");
assertTrue(encoder.matches("myPassword", result));
----
.Kotlin
[source,kotlin,role="secondary"]
----
// Create an encoder with all the defaults
val encoder = Pbkdf2PasswordEncoder()
val result: String = encoder.encode("myPassword")
assertTrue(encoder.matches("myPassword", result))
----
====
[[authentication-password-storage-scrypt]]
== SCryptPasswordEncoder
@ -321,7 +412,10 @@ The `SCryptPasswordEncoder` implementation uses https://en.wikipedia.org/wiki/Sc @@ -321,7 +412,10 @@ The `SCryptPasswordEncoder` implementation uses https://en.wikipedia.org/wiki/Sc
In order to defeat password cracking on custom hardware scrypt is a deliberately slow algorithm that requires large amounts of memory.
Like other adaptive one-way functions, it should be tuned to take about 1 second to verify a password on your system.
[source,java]
.SCryptPasswordEncoder
====
.Java
[source,java,role="primary"]
----
// Create an encoder with all the defaults
SCryptPasswordEncoder encoder = new SCryptPasswordEncoder();
@ -329,6 +423,16 @@ String result = encoder.encode("myPassword"); @@ -329,6 +423,16 @@ String result = encoder.encode("myPassword");
assertTrue(encoder.matches("myPassword", result));
----
.Kotlin
[source,kotlin,role="secondary"]
----
// Create an encoder with all the defaults
val encoder = SCryptPasswordEncoder()
val result: String = encoder.encode("myPassword")
assertTrue(encoder.matches("myPassword", result))
----
====
[[authentication-password-storage-other]]
== Other PasswordEncoders

Write Preview
Loading…
Cancel
Save