diff --git a/docs/modules/ROOT/pages/features/authentication/password-storage.adoc b/docs/modules/ROOT/pages/features/authentication/password-storage.adoc index 7ae143c37f..c5158ba85a 100644 --- a/docs/modules/ROOT/pages/features/authentication/password-storage.adoc +++ b/docs/modules/ROOT/pages/features/authentication/password-storage.adoc @@ -463,7 +463,7 @@ There are a significant number of other `PasswordEncoder` implementations that e They are all deprecated to indicate that they are no longer considered secure. However, there are no plans to remove them, since it is difficult to migrate existing legacy systems. -[[authentication-password-storage-password4j]] +[[password4j]] == Password4j-based Password Encoders Spring Security 7.0 introduces alternative password encoder implementations based on the https://github.com/Password4j/password4j[Password4j] library. @@ -474,7 +474,7 @@ These encoders are particularly useful when you need specific algorithm configur All Password4j-based encoders are thread-safe and can be shared across multiple threads. -[[authentication-password-storage-password4j-argon2]] +[[password4j-argon2]] === Argon2Password4jPasswordEncoder The `Argon2Password4jPasswordEncoder` implementation uses the https://en.wikipedia.org/wiki/Argon2[Argon2] algorithm via the Password4j library to hash passwords. @@ -515,7 +515,7 @@ val customEncoder = Argon2Password4jPasswordEncoder(customArgon2) ---- ====== -[[authentication-password-storage-password4j-bcrypt]] +[[password4j-bcrypt]] === BcryptPassword4jPasswordEncoder The `BcryptPassword4jPasswordEncoder` implementation uses the https://en.wikipedia.org/wiki/Bcrypt[BCrypt] algorithm via the Password4j library to hash passwords. @@ -556,7 +556,7 @@ val customEncoder = BcryptPassword4jPasswordEncoder(customBcrypt) ---- ====== -[[authentication-password-storage-password4j-scrypt]] +[[password4j-scrypt]] === ScryptPassword4jPasswordEncoder The `ScryptPassword4jPasswordEncoder` implementation uses the https://en.wikipedia.org/wiki/Scrypt[SCrypt] algorithm via the Password4j library to hash passwords. @@ -597,7 +597,7 @@ val customEncoder = ScryptPassword4jPasswordEncoder(customScrypt) ---- ====== -[[authentication-password-storage-password4j-pbkdf2]] +[[password4j-pbkdf2]] === Pbkdf2Password4jPasswordEncoder The `Pbkdf2Password4jPasswordEncoder` implementation uses the https://en.wikipedia.org/wiki/PBKDF2[PBKDF2] algorithm via the Password4j library to hash passwords. @@ -639,7 +639,7 @@ val customEncoder = Pbkdf2Password4jPasswordEncoder(customPbkdf2, 32) ---- ====== -[[authentication-password-storage-password4j-balloon]] +[[password4j-ballooning]] === BalloonHashingPassword4jPasswordEncoder The `BalloonHashingPassword4jPasswordEncoder` implementation uses the Balloon hashing algorithm via the Password4j library to hash passwords. diff --git a/docs/modules/ROOT/pages/whats-new.adoc b/docs/modules/ROOT/pages/whats-new.adoc index a5ab6c66e5..c150e56113 100644 --- a/docs/modules/ROOT/pages/whats-new.adoc +++ b/docs/modules/ROOT/pages/whats-new.adoc @@ -38,11 +38,11 @@ http.csrf((csrf) -> csrf.spa()); == Crypto * Added Password4j-based password encoders providing alternative implementations for popular hashing algorithms: -** `Argon2Password4jPasswordEncoder` - xref:features/authentication/password-storage.adoc#authentication-password-storage-password4j-argon2[Argon2 implementation using Password4j] -** `BcryptPassword4jPasswordEncoder` - xref:features/authentication/password-storage.adoc#authentication-password-storage-password4j-bcrypt[BCrypt implementation using Password4j] -** `ScryptPassword4jPasswordEncoder` - xref:features/authentication/password-storage.adoc#authentication-password-storage-password4j-scrypt[SCrypt implementation using Password4j] -** `Pbkdf2Password4jPasswordEncoder` - xref:features/authentication/password-storage.adoc#authentication-password-storage-password4j-pbkdf2[PBKDF2 implementation using Password4j] -** `BalloonHashingPassword4jPasswordEncoder` - xref:features/authentication/password-storage.adoc#authentication-password-storage-password4j-balloon[Balloon Hashing implementation using Password4j] +** `Argon2Password4jPasswordEncoder` - xref:features/authentication/password-storage.adoc#password4j-argon2[Argon2] +** `BcryptPassword4jPasswordEncoder` - xref:features/authentication/password-storage.adoc#password4j-bcrypt[BCrypt] +** `ScryptPassword4jPasswordEncoder` - xref:features/authentication/password-storage.adoc#password4j-scrypt[SCrypt] +** `Pbkdf2Password4jPasswordEncoder` - xref:features/authentication/password-storage.adoc#password4j-pbkdf2[PBKDF2] +** `BalloonHashingPassword4jPasswordEncoder` - xref:features/authentication/password-storage.adoc#password4j-balloon[Balloon Hashing] == Data