From 61eba00654031a17a0406631b90b1d2283e5cdba Mon Sep 17 00:00:00 2001 From: Marcus Hert Da Coregio Date: Wed, 10 Apr 2024 14:56:44 -0300 Subject: [PATCH] Move HaveIBeenPwnedRestApiPasswordChecker to spring-security-web Prior to this commit, the implementation was placed in spring-security-core, however we do not want to introduce a dependency on spring-web and spring-webflux for that module. Issue gh-7395 --- .../InitializeUserDetailsBeanManagerConfigurer.java | 2 +- .../web/reactive/ServerHttpSecurityConfiguration.java | 2 +- .../web/configuration/HttpSecurityConfigurationTests.java | 6 +++--- .../reactive/ServerHttpSecurityConfigurationTests.java | 6 +++--- core/spring-security-core.gradle | 3 --- .../AbstractUserDetailsReactiveAuthenticationManager.java | 8 ++++---- .../authentication/dao/DaoAuthenticationProvider.java | 4 ++-- .../password/CompromisedPasswordCheckResult.java | 2 +- .../password/CompromisedPasswordChecker.java | 2 +- .../password/CompromisedPasswordException.java | 3 +-- .../password/ReactiveCompromisedPasswordChecker.java | 2 +- ...tailsRepositoryReactiveAuthenticationManagerTests.java | 6 +++--- .../dao/DaoAuthenticationProviderTests.java | 6 +++--- web/spring-security-web.gradle | 1 + .../password/HaveIBeenPwnedRestApiPasswordChecker.java | 8 +++++--- .../HaveIBeenPwnedRestApiReactivePasswordChecker.java | 4 +++- .../HaveIBeenPwnedRestApiPasswordCheckerTests.java | 3 ++- ...HaveIBeenPwnedRestApiReactivePasswordCheckerTests.java | 2 +- 18 files changed, 36 insertions(+), 34 deletions(-) rename core/src/main/java/org/springframework/security/{core => authentication}/password/CompromisedPasswordCheckResult.java (93%) rename core/src/main/java/org/springframework/security/{core => authentication}/password/CompromisedPasswordChecker.java (94%) rename core/src/main/java/org/springframework/security/{core => authentication}/password/CompromisedPasswordException.java (91%) rename core/src/main/java/org/springframework/security/{core => authentication}/password/ReactiveCompromisedPasswordChecker.java (94%) rename {core/src/main/java/org/springframework/security/core => web/src/main/java/org/springframework/security/web/authentication}/password/HaveIBeenPwnedRestApiPasswordChecker.java (92%) rename {core/src/main/java/org/springframework/security/core => web/src/main/java/org/springframework/security/web/authentication}/password/HaveIBeenPwnedRestApiReactivePasswordChecker.java (93%) rename {core/src/test/java/org/springframework/security/core => web/src/test/java/org/springframework/security/web/authentication}/password/HaveIBeenPwnedRestApiPasswordCheckerTests.java (95%) rename {core/src/test/java/org/springframework/security/core => web/src/test/java/org/springframework/security/web/authentication}/password/HaveIBeenPwnedRestApiReactivePasswordCheckerTests.java (98%) diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java index 814c1127f8..621b53f9ee 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/InitializeUserDetailsBeanManagerConfigurer.java @@ -20,8 +20,8 @@ import org.springframework.context.ApplicationContext; import org.springframework.core.Ordered; import org.springframework.core.annotation.Order; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; +import org.springframework.security.authentication.password.CompromisedPasswordChecker; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.core.password.CompromisedPasswordChecker; import org.springframework.security.core.userdetails.UserDetailsPasswordService; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.password.PasswordEncoder; diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java index 18065662a0..69c6e75c51 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java @@ -32,8 +32,8 @@ import org.springframework.core.ReactiveAdapterRegistry; import org.springframework.security.authentication.ObservationReactiveAuthenticationManager; import org.springframework.security.authentication.ReactiveAuthenticationManager; import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager; +import org.springframework.security.authentication.password.ReactiveCompromisedPasswordChecker; import org.springframework.security.config.web.server.ServerHttpSecurity; -import org.springframework.security.core.password.ReactiveCompromisedPasswordChecker; import org.springframework.security.core.userdetails.ReactiveUserDetailsPasswordService; import org.springframework.security.core.userdetails.ReactiveUserDetailsService; import org.springframework.security.crypto.password.PasswordEncoder; diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java index ab25569e12..a41df95019 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java @@ -47,6 +47,9 @@ import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.event.AbstractAuthenticationEvent; import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent; import org.springframework.security.authentication.event.AuthenticationSuccessEvent; +import org.springframework.security.authentication.password.CompromisedPasswordCheckResult; +import org.springframework.security.authentication.password.CompromisedPasswordChecker; +import org.springframework.security.authentication.password.CompromisedPasswordException; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig; import org.springframework.security.config.annotation.web.builders.HttpSecurity; @@ -58,9 +61,6 @@ import org.springframework.security.config.test.SpringTestContextExtension; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolderStrategy; -import org.springframework.security.core.password.CompromisedPasswordCheckResult; -import org.springframework.security.core.password.CompromisedPasswordChecker; -import org.springframework.security.core.password.CompromisedPasswordException; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.provisioning.InMemoryUserDetailsManager; diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java index 5ad158eef2..ec3a71999c 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTests.java @@ -26,14 +26,14 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.security.authentication.password.CompromisedPasswordCheckResult; +import org.springframework.security.authentication.password.CompromisedPasswordException; +import org.springframework.security.authentication.password.ReactiveCompromisedPasswordChecker; import org.springframework.security.config.Customizer; import org.springframework.security.config.test.SpringTestContext; import org.springframework.security.config.test.SpringTestContextExtension; import org.springframework.security.config.users.ReactiveAuthenticationTestConfiguration; import org.springframework.security.config.web.server.ServerHttpSecurity; -import org.springframework.security.core.password.CompromisedPasswordCheckResult; -import org.springframework.security.core.password.CompromisedPasswordException; -import org.springframework.security.core.password.ReactiveCompromisedPasswordChecker; import org.springframework.security.core.userdetails.MapReactiveUserDetailsService; import org.springframework.security.core.userdetails.PasswordEncodedUser; import org.springframework.security.core.userdetails.User; diff --git a/core/spring-security-core.gradle b/core/spring-security-core.gradle index 9a58737d36..fd5857a20c 100644 --- a/core/spring-security-core.gradle +++ b/core/spring-security-core.gradle @@ -18,8 +18,6 @@ dependencies { optional 'org.aspectj:aspectjrt' optional 'org.springframework:spring-jdbc' optional 'org.springframework:spring-tx' - optional 'org.springframework:spring-web' - optional 'org.springframework:spring-webflux' optional 'org.jetbrains.kotlinx:kotlinx-coroutines-reactor' testImplementation 'commons-collections:commons-collections' @@ -33,7 +31,6 @@ dependencies { testImplementation "org.springframework:spring-test" testImplementation 'org.skyscreamer:jsonassert' testImplementation 'org.springframework:spring-test' - testImplementation 'com.squareup.okhttp3:mockwebserver' testRuntimeOnly 'org.hsqldb:hsqldb' } diff --git a/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java index de51471e0f..8f0ebb089e 100644 --- a/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java +++ b/core/src/main/java/org/springframework/security/authentication/AbstractUserDetailsReactiveAuthenticationManager.java @@ -25,12 +25,12 @@ import reactor.core.scheduler.Schedulers; import org.springframework.context.MessageSource; import org.springframework.context.MessageSourceAware; import org.springframework.context.support.MessageSourceAccessor; +import org.springframework.security.authentication.password.CompromisedPasswordCheckResult; +import org.springframework.security.authentication.password.CompromisedPasswordChecker; +import org.springframework.security.authentication.password.CompromisedPasswordException; +import org.springframework.security.authentication.password.ReactiveCompromisedPasswordChecker; import org.springframework.security.core.Authentication; import org.springframework.security.core.SpringSecurityMessageSource; -import org.springframework.security.core.password.CompromisedPasswordCheckResult; -import org.springframework.security.core.password.CompromisedPasswordChecker; -import org.springframework.security.core.password.CompromisedPasswordException; -import org.springframework.security.core.password.ReactiveCompromisedPasswordChecker; import org.springframework.security.core.userdetails.ReactiveUserDetailsPasswordService; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsChecker; diff --git a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java index 0a35804a3c..a854d6d58d 100644 --- a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java @@ -20,10 +20,10 @@ import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.InternalAuthenticationServiceException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.authentication.password.CompromisedPasswordChecker; +import org.springframework.security.authentication.password.CompromisedPasswordException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.password.CompromisedPasswordChecker; -import org.springframework.security.core.password.CompromisedPasswordException; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsPasswordService; import org.springframework.security.core.userdetails.UserDetailsService; diff --git a/core/src/main/java/org/springframework/security/core/password/CompromisedPasswordCheckResult.java b/core/src/main/java/org/springframework/security/authentication/password/CompromisedPasswordCheckResult.java similarity index 93% rename from core/src/main/java/org/springframework/security/core/password/CompromisedPasswordCheckResult.java rename to core/src/main/java/org/springframework/security/authentication/password/CompromisedPasswordCheckResult.java index e5742c51b2..ad52d9420e 100644 --- a/core/src/main/java/org/springframework/security/core/password/CompromisedPasswordCheckResult.java +++ b/core/src/main/java/org/springframework/security/authentication/password/CompromisedPasswordCheckResult.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.springframework.security.core.password; +package org.springframework.security.authentication.password; public class CompromisedPasswordCheckResult { diff --git a/core/src/main/java/org/springframework/security/core/password/CompromisedPasswordChecker.java b/core/src/main/java/org/springframework/security/authentication/password/CompromisedPasswordChecker.java similarity index 94% rename from core/src/main/java/org/springframework/security/core/password/CompromisedPasswordChecker.java rename to core/src/main/java/org/springframework/security/authentication/password/CompromisedPasswordChecker.java index edb8ce875c..d76f35f546 100644 --- a/core/src/main/java/org/springframework/security/core/password/CompromisedPasswordChecker.java +++ b/core/src/main/java/org/springframework/security/authentication/password/CompromisedPasswordChecker.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.springframework.security.core.password; +package org.springframework.security.authentication.password; import org.springframework.lang.NonNull; diff --git a/core/src/main/java/org/springframework/security/core/password/CompromisedPasswordException.java b/core/src/main/java/org/springframework/security/authentication/password/CompromisedPasswordException.java similarity index 91% rename from core/src/main/java/org/springframework/security/core/password/CompromisedPasswordException.java rename to core/src/main/java/org/springframework/security/authentication/password/CompromisedPasswordException.java index 4c73cfa0e5..672876164f 100644 --- a/core/src/main/java/org/springframework/security/core/password/CompromisedPasswordException.java +++ b/core/src/main/java/org/springframework/security/authentication/password/CompromisedPasswordException.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.springframework.security.core.password; +package org.springframework.security.authentication.password; import org.springframework.security.core.AuthenticationException; @@ -23,7 +23,6 @@ import org.springframework.security.core.AuthenticationException; * * @author Marcus da Coregio * @since 6.3 - * @see HaveIBeenPwnedRestApiPasswordChecker */ public class CompromisedPasswordException extends AuthenticationException { diff --git a/core/src/main/java/org/springframework/security/core/password/ReactiveCompromisedPasswordChecker.java b/core/src/main/java/org/springframework/security/authentication/password/ReactiveCompromisedPasswordChecker.java similarity index 94% rename from core/src/main/java/org/springframework/security/core/password/ReactiveCompromisedPasswordChecker.java rename to core/src/main/java/org/springframework/security/authentication/password/ReactiveCompromisedPasswordChecker.java index 2168af0eef..7d3ca6d625 100644 --- a/core/src/main/java/org/springframework/security/core/password/ReactiveCompromisedPasswordChecker.java +++ b/core/src/main/java/org/springframework/security/authentication/password/ReactiveCompromisedPasswordChecker.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.springframework.security.core.password; +package org.springframework.security.authentication.password; import reactor.core.publisher.Mono; diff --git a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java index e33606471c..c386bdafaa 100644 --- a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java @@ -27,10 +27,10 @@ import reactor.core.scheduler.Schedulers; import reactor.test.StepVerifier; import org.springframework.context.MessageSource; +import org.springframework.security.authentication.password.CompromisedPasswordCheckResult; +import org.springframework.security.authentication.password.CompromisedPasswordException; +import org.springframework.security.authentication.password.ReactiveCompromisedPasswordChecker; import org.springframework.security.core.Authentication; -import org.springframework.security.core.password.CompromisedPasswordCheckResult; -import org.springframework.security.core.password.CompromisedPasswordException; -import org.springframework.security.core.password.ReactiveCompromisedPasswordChecker; import org.springframework.security.core.userdetails.ReactiveUserDetailsPasswordService; import org.springframework.security.core.userdetails.ReactiveUserDetailsService; import org.springframework.security.core.userdetails.User; diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java index c67dd1a4e7..4e44f329a5 100644 --- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java @@ -33,12 +33,12 @@ import org.springframework.security.authentication.InternalAuthenticationService import org.springframework.security.authentication.LockedException; import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.authentication.password.CompromisedPasswordCheckResult; +import org.springframework.security.authentication.password.CompromisedPasswordChecker; +import org.springframework.security.authentication.password.CompromisedPasswordException; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils; -import org.springframework.security.core.password.CompromisedPasswordCheckResult; -import org.springframework.security.core.password.CompromisedPasswordChecker; -import org.springframework.security.core.password.CompromisedPasswordException; import org.springframework.security.core.userdetails.PasswordEncodedUser; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; diff --git a/web/spring-security-web.gradle b/web/spring-security-web.gradle index cf405549c2..77cf908f45 100644 --- a/web/spring-security-web.gradle +++ b/web/spring-security-web.gradle @@ -36,6 +36,7 @@ dependencies { testImplementation "org.mockito:mockito-core" testImplementation "org.mockito:mockito-junit-jupiter" testImplementation "org.springframework:spring-test" + testImplementation 'com.squareup.okhttp3:mockwebserver' testRuntimeOnly 'org.hsqldb:hsqldb' } diff --git a/core/src/main/java/org/springframework/security/core/password/HaveIBeenPwnedRestApiPasswordChecker.java b/web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiPasswordChecker.java similarity index 92% rename from core/src/main/java/org/springframework/security/core/password/HaveIBeenPwnedRestApiPasswordChecker.java rename to web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiPasswordChecker.java index b6500d43c8..37c1b26b84 100644 --- a/core/src/main/java/org/springframework/security/core/password/HaveIBeenPwnedRestApiPasswordChecker.java +++ b/web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiPasswordChecker.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.springframework.security.core.password; +package org.springframework.security.web.authentication.password; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; @@ -24,8 +24,10 @@ import java.util.List; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.jetbrains.annotations.NotNull; +import org.springframework.lang.NonNull; +import org.springframework.security.authentication.password.CompromisedPasswordCheckResult; +import org.springframework.security.authentication.password.CompromisedPasswordChecker; import org.springframework.security.crypto.codec.Hex; import org.springframework.util.Assert; import org.springframework.util.StringUtils; @@ -58,7 +60,7 @@ public final class HaveIBeenPwnedRestApiPasswordChecker implements CompromisedPa } @Override - @NotNull + @NonNull public CompromisedPasswordCheckResult check(String password) { byte[] hash = this.sha1Digest.digest(password.getBytes(StandardCharsets.UTF_8)); String encoded = new String(Hex.encode(hash)).toUpperCase(); diff --git a/core/src/main/java/org/springframework/security/core/password/HaveIBeenPwnedRestApiReactivePasswordChecker.java b/web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiReactivePasswordChecker.java similarity index 93% rename from core/src/main/java/org/springframework/security/core/password/HaveIBeenPwnedRestApiReactivePasswordChecker.java rename to web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiReactivePasswordChecker.java index f8bc282c22..3ef10f46d0 100644 --- a/core/src/main/java/org/springframework/security/core/password/HaveIBeenPwnedRestApiReactivePasswordChecker.java +++ b/web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiReactivePasswordChecker.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.springframework.security.core.password; +package org.springframework.security.web.authentication.password; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; @@ -26,6 +26,8 @@ import reactor.core.publisher.Flux; import reactor.core.publisher.Mono; import reactor.core.scheduler.Schedulers; +import org.springframework.security.authentication.password.CompromisedPasswordCheckResult; +import org.springframework.security.authentication.password.ReactiveCompromisedPasswordChecker; import org.springframework.security.crypto.codec.Hex; import org.springframework.util.Assert; import org.springframework.util.StringUtils; diff --git a/core/src/test/java/org/springframework/security/core/password/HaveIBeenPwnedRestApiPasswordCheckerTests.java b/web/src/test/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiPasswordCheckerTests.java similarity index 95% rename from core/src/test/java/org/springframework/security/core/password/HaveIBeenPwnedRestApiPasswordCheckerTests.java rename to web/src/test/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiPasswordCheckerTests.java index 1948067a9f..c8cdd33eac 100644 --- a/core/src/test/java/org/springframework/security/core/password/HaveIBeenPwnedRestApiPasswordCheckerTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiPasswordCheckerTests.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.springframework.security.core.password; +package org.springframework.security.web.authentication.password; import java.io.IOException; @@ -25,6 +25,7 @@ import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.springframework.security.authentication.password.CompromisedPasswordCheckResult; import org.springframework.web.client.RestClient; import static org.assertj.core.api.Assertions.assertThat; diff --git a/core/src/test/java/org/springframework/security/core/password/HaveIBeenPwnedRestApiReactivePasswordCheckerTests.java b/web/src/test/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiReactivePasswordCheckerTests.java similarity index 98% rename from core/src/test/java/org/springframework/security/core/password/HaveIBeenPwnedRestApiReactivePasswordCheckerTests.java rename to web/src/test/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiReactivePasswordCheckerTests.java index 95bb475397..7d5550e6d0 100644 --- a/core/src/test/java/org/springframework/security/core/password/HaveIBeenPwnedRestApiReactivePasswordCheckerTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiReactivePasswordCheckerTests.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.springframework.security.core.password; +package org.springframework.security.web.authentication.password; import java.io.IOException;