spring-security

Commit Graph

Author	SHA1	Message	Date
Robert Winch	1261c229a3	Fix Flaky Crypto Tests Previously the RsaSecretEncryptorTests were flaky because the assumed that a BadPaddigException would be thrown when using things like different salt. However, given that the tests had random inputs (e.g. keys) there is the possibility that, despite the fact that it can never be properly decrypted, the final bytes look like a valid encrypted value. This updates the tests to ensure that decrypt either throws an Exception or is not equal to the original plaintext.	1 month ago
Robert Winch	f8ac095d48	Add nullability contract to `PasswordEncoder#encode` implementations Signed-off-by: Stefano Cordio <stefano.cordio@gmail.com>AbstractValidatingPasswordEncoder.java	2 months ago
Josh Cummings	410812c5bc	Reduce Diff Size This commit reorders the originally changed boolean logic so that it returns false early, as it did before. This allows the change to remain small and also keeps the most complex logical statements outside of the if statement. Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>	2 months ago
Tran Ngoc Nhan	17933ddab3	Resolve feedback Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2 months ago
Tran Ngoc Nhan	9323775c5f	Update javadoc and apply `StringUtils#hasLength` Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2 months ago
Tran Ngoc Nhan	4cc5f543ab	Add author Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2 months ago
Tran Ngoc Nhan	21bef947b0	Use `String#isEmpty` Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>	2 months ago
Jeongwon Been	d07d3a13d1	Fix Javadoc warnings in Argon2PasswordEncoder Wrap bit-shift expressions in {@code ...} so that Javadoc does not parse '<' as HTML and emit invalid input warnings. Signed-off-by: Jeongwon Been <congcoding@gmail.com>	3 months ago
Robert Winch	7ca0f7723e	Fix checkstyle	3 months ago
Stefano Cordio	a612522ecd	Add nullability contract to `PasswordEncoder#encode` Signed-off-by: Stefano Cordio <stefano.cordio@gmail.com>	3 months ago
Robert Winch	a32d9f04e3	Revert "Use project.artifactory(Username\|Password)" This reverts commit `9c449000dc`.	3 months ago
Robert Winch	9c449000dc	Use project.artifactory(Username\|Password)	3 months ago
Josh Cummings	532d0bef14	Add Test to Confirm 72-byte BCrypt Password Limit Closes gh-18133	5 months ago
Mehrdad	2d74f9c334	Create a specific implementation for BalloonHashing and PBKDF2 password encoders using Password4j library Closes gh-17706 Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com> Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>	7 months ago
Mehrdad	8c2ad4e4d1	Add Argon2 and BCrypt and Scrypt password encoders using Password4j library Closes gh-17706 Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com> Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>	7 months ago
M.Bozorgmehr	9f5d27e8d0	Refactor Password4jPasswordEncoder to use AlgorithmFinder for algorithm selection and enhance documentation Closes gh-17706 Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com> Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com> Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>	7 months ago
M.Bozorgmehr	bd593a63d0	Refactor Password4jPasswordEncoder to use AlgorithmFinder for algorithm selection and enhance documentation Closes gh-17706 Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com> Add Password4jPasswordEncoder for enhanced password hashing support Signed-off-by: M.Bozorgmehr <m.bozorgmehr@emofid.com> Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com> Add Password4jPasswordEncoder for enhanced password hashing support Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com> Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com> Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>	7 months ago
Rob Winch	f6cb0bd610	Merge Use 2004-present Copyright Header The original merge into main did not apply the changes. This fixes it. Closes gh-17635	8 months ago
Rob Winch	392129b616	Use 2004-present Copyright Header The Spring portfolio is changing to use <inception-year>-present in the copyright headers to simplify keeping headers up to date. This commit updates the headers and the checkstyle accordingly. The commit updated etc/checkstyle/header.txt It also updated the copyright headers using the following find/replace: Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors. Replace: Copyright 2004-present the original author or authors. Closes gh-17633	8 months ago
Rob Winch	7c887d2da1	Add nullability to spring-security-core Closes gh-17534	9 months ago
Rob Winch	9db1ffbd79	Add Nullability to spring-security-crypto Closes gh-17533	9 months ago
Soumik Sarker	2f53a2edb3	Removed deprecated Base64 of crypto package Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>	9 months ago
Andrey Litvitski	3b492a9628	remove 32-byte minimum keyLength restriction in `Base64StringKeyGenerator` (#17012 ) Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>	11 months ago
Rob Winch	d52289bd7a	Remove Unnecessary Backwards Compatability Since this is going to be merged into Spring Security 7 (a major release) and AESFastEngine is deprecated, we should no longer support it (as it will likely be removed from Bouncy Castle)	11 months ago
Steve Riesenberg	5eb232cd3d	Polish gh-16164	11 months ago
Ferdinand Jacobs	2b22cf2877	Replace BouncyCastle's deprecated AESFastEngine with the default AESEngine - Update AESEngine to use the default AES engine, following BouncyCastle's recommendations (see release-1-56 of changelog: https://www.bouncycastle.org/download/bouncy-castle-java/?filter=java%3Drelease-1-56). - Migrate to the latest API 'newInstance()' method to allow removal of @SuppressWarnings("deprecation") - Remove @SuppressWarnings("deprecation")	11 months ago
Josh Cummings	547d174f3e	Fix Formatting	12 months ago
Roman Trapickin	d2d1275b39	Fix IllegalArgumentException message for unknown Argon2 types Array index 0 points to an empty string. Use index 1 instead. Signed-off-by: Roman Trapickin <8594293+rntrp@users.noreply.github.com>	12 months ago
Joe Grandja	c1aa99fdd2	Enforce BCrypt password length for new passwords only Closes gh-16802	12 months ago
James Howe	8d7f6acab6	Typo in Base64StringKeyGenerator exception message Signed-off-by: James Howe <675056+OrangeDog@users.noreply.github.com>	1 year ago
Joe Grandja	46f0dc6dfc	Enforce BCrypt password length	1 year ago
Christian	b56650100a	Removes the use of `StringUtils` from `DelegatingPasswordEncoder` Closes gh-16442 Signed-off-by: Christian Hösel <ChristianHoesel@users.noreply.github.com>	1 year ago
Josh Cummings	244fd2eb51	Support Serialization in Exceptions Issue gh-16276	1 year ago
Joe Grandja	a8c4d6cead	Require Locale argument for toLower/toUpperCase usage	1 year ago
Joe Grandja	a7bf8f7cc6	Require Locale argument for toLower/toUpperCase usage	1 year ago
Joe Grandja	0eaffb37e7	Require Locale argument for toLower/toUpperCase usage	1 year ago
Jonny Coddington	b90851d968	Improve Error Messages for PasswordEncoder Closes gh-14880 Signed-off-by: Jonny Coddington <bottlerocketjonny@protonmail.com>	2 years ago
Marcus Hert Da Coregio	08f11f06ab	Revert unnecessary commits from main Issue gh-15016	2 years ago
Josh Cummings	e5ee45d568	Fix Import Error Issue gh-14880	2 years ago
Abimael Sergio	3b9991fc89	Improve PasswordEncoder Error Messaging Closes gh-14880	2 years ago
Marcus Hert Da Coregio	93c2d1cc3c	Disable spring-security-rsa tests on Windows Issue gh-14202	2 years ago
Marcus Hert Da Coregio	6f7b9bbfde	Migrate spring-security-rsa into spring-security-crypto Closes gh-14202	2 years ago
Marcus Hert Da Coregio	00da9c9092	Use assertj assertions	2 years ago
Marcus Hert Da Coregio	e3ab1c94d7	Use assertj assertions	2 years ago
Marcus Hert Da Coregio	a7da9491d9	Use assertj assertions	2 years ago
Steve Riesenberg	9db33f33c7	Revert unnecessary merges on 6.0.x This commit removes unnecessary main-branch merges starting from 8750608b5bca45525c99d0a41a20ed02de93d8c7 and adds the following needed commit(s) that were made afterward: - 5dce82c48bc0b174838501c5a111b2de70822914	2 years ago
Marcus Da Coregio	6c9cb47125	Fix code style	3 years ago
Marcus Da Coregio	64e2a2ff8b	Apply updated Code Style Closes gh-13881	3 years ago
Tim te Beek	9df9cb5aed	refactor: AssertJ best practices Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/bGVuS?organizationId=RGVmYXVsdA%3D%3D Co-authored-by: Moderne <team@moderne.io>	3 years ago
Krzysztof Krason	9b603b99ab	Using modern Java features	3 years ago

1 2 3 4 5

234 Commits (9dfbd681aba3fecf1aada63a450ddd24c026f2ab)