Tran Ngoc Nhan
17933ddab3
Resolve feedback
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
1 month ago
Tran Ngoc Nhan
9323775c5f
Update javadoc and apply `StringUtils#hasLength`
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
1 month ago
Tran Ngoc Nhan
4cc5f543ab
Add author
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
1 month ago
Tran Ngoc Nhan
21bef947b0
Use `String#isEmpty`
...
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
1 month ago
Jeongwon Been
d07d3a13d1
Fix Javadoc warnings in Argon2PasswordEncoder
...
Wrap bit-shift expressions in {@code ...} so that Javadoc does not parse
'<' as HTML and emit invalid input warnings.
Signed-off-by: Jeongwon Been <congcoding@gmail.com>
2 months ago
Robert Winch
7ca0f7723e
Fix checkstyle
2 months ago
Stefano Cordio
a612522ecd
Add nullability contract to `PasswordEncoder#encode`
...
Signed-off-by: Stefano Cordio <stefano.cordio@gmail.com>
2 months ago
Robert Winch
a32d9f04e3
Revert "Use project.artifactory(Username|Password)"
...
This reverts commit 9c449000dc.
2 months ago
Robert Winch
9c449000dc
Use project.artifactory(Username|Password)
2 months ago
Josh Cummings
532d0bef14
Add Test to Confirm 72-byte BCrypt Password Limit
...
Closes gh-18133
5 months ago
Mehrdad
2d74f9c334
Create a specific implementation for BalloonHashing and PBKDF2 password encoders using Password4j library
...
Closes gh-17706
Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com>
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
6 months ago
Mehrdad
8c2ad4e4d1
Add Argon2 and BCrypt and Scrypt password encoders using Password4j library
...
Closes gh-17706
Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com>
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
6 months ago
M.Bozorgmehr
9f5d27e8d0
Refactor Password4jPasswordEncoder to use AlgorithmFinder for algorithm selection and enhance documentation
...
Closes gh-17706
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com>
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
6 months ago
M.Bozorgmehr
bd593a63d0
Refactor Password4jPasswordEncoder to use AlgorithmFinder for algorithm selection and enhance documentation
...
Closes gh-17706
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
Add Password4jPasswordEncoder for enhanced password hashing support
Signed-off-by: M.Bozorgmehr <m.bozorgmehr@emofid.com>
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
Add Password4jPasswordEncoder for enhanced password hashing support
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com>
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
6 months ago
Rob Winch
f6cb0bd610
Merge Use 2004-present Copyright Header
...
The original merge into main did not apply the changes. This fixes it.
Closes gh-17635
8 months ago
Rob Winch
392129b616
Use 2004-present Copyright Header
...
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the headers and the checkstyle accordingly.
The commit updated etc/checkstyle/header.txt
It also updated the copyright headers using the following find/replace:
Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.
Closes gh-17633
8 months ago
Rob Winch
7c887d2da1
Add nullability to spring-security-core
...
Closes gh-17534
8 months ago
Rob Winch
9db1ffbd79
Add Nullability to spring-security-crypto
...
Closes gh-17533
8 months ago
Soumik Sarker
2f53a2edb3
Removed deprecated Base64 of crypto package
...
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
9 months ago
Andrey Litvitski
3b492a9628
remove 32-byte minimum keyLength restriction in `Base64StringKeyGenerator` (#17012)
...
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
10 months ago
Rob Winch
d52289bd7a
Remove Unnecessary Backwards Compatibility
...
Since this is going to be merged into Spring Security 7 (a major release) and AESFastEngine is deprecated,
we should no longer support it (as it will likely be removed from Bouncy Castle)
11 months ago
Steve Riesenberg
5eb232cd3d
Polish gh-16164
11 months ago
Ferdinand Jacobs
2b22cf2877
Replace BouncyCastle's deprecated AESFastEngine with the default AESEngine
...
- Update AESEngine to use the default AES engine, following BouncyCastle's recommendations
(see release-1-56 of changelog: https://www.bouncycastle.org/download/bouncy-castle-java/?filter=java%3Drelease-1-56).
- Migrate to the latest API 'newInstance()' method to allow removal of @SuppressWarnings("deprecation")
- Remove @SuppressWarnings("deprecation")
11 months ago
Josh Cummings
547d174f3e
Fix Formatting
11 months ago
Roman Trapickin
d2d1275b39
Fix IllegalArgumentException message for unknown Argon2 types
...
Array index 0 points to an empty string. Use index 1 instead.
Signed-off-by: Roman Trapickin <8594293+rntrp@users.noreply.github.com>
11 months ago
Joe Grandja
c1aa99fdd2
Enforce BCrypt password length for new passwords only
...
Closes gh-16802
11 months ago
James Howe
8d7f6acab6
Typo in Base64StringKeyGenerator exception message
...
Signed-off-by: James Howe <675056+OrangeDog@users.noreply.github.com>
12 months ago
Joe Grandja
46f0dc6dfc
Enforce BCrypt password length
1 year ago
Christian
b56650100a
Removes the use of `StringUtils` from `DelegatingPasswordEncoder`
...
Closes gh-16442
Signed-off-by: Christian Hösel <ChristianHoesel@users.noreply.github.com>
1 year ago
Josh Cummings
244fd2eb51
Support Serialization in Exceptions
...
Issue gh-16276
1 year ago
Joe Grandja
a8c4d6cead
Require Locale argument for toLower/toUpperCase usage
1 year ago
Joe Grandja
a7bf8f7cc6
Require Locale argument for toLower/toUpperCase usage
1 year ago
Joe Grandja
0eaffb37e7
Require Locale argument for toLower/toUpperCase usage
1 year ago
Jonny Coddington
b90851d968
Improve Error Messages for PasswordEncoder
...
Closes gh-14880
Signed-off-by: Jonny Coddington <bottlerocketjonny@protonmail.com>
2 years ago
Marcus Hert Da Coregio
08f11f06ab
Revert unnecessary commits from main
...
Issue gh-15016
2 years ago
Josh Cummings
e5ee45d568
Fix Import Error
...
Issue gh-14880
2 years ago
Abimael Sergio
3b9991fc89
Improve PasswordEncoder Error Messaging
...
Closes gh-14880
2 years ago
Marcus Hert Da Coregio
93c2d1cc3c
Disable spring-security-rsa tests on Windows
...
Issue gh-14202
2 years ago
Marcus Hert Da Coregio
6f7b9bbfde
Migrate spring-security-rsa into spring-security-crypto
...
Closes gh-14202
2 years ago
Marcus Hert Da Coregio
00da9c9092
Use assertj assertions
2 years ago
Marcus Hert Da Coregio
e3ab1c94d7
Use assertj assertions
2 years ago
Marcus Hert Da Coregio
a7da9491d9
Use assertj assertions
2 years ago
Steve Riesenberg
9db33f33c7
Revert unnecessary merges on 6.0.x
...
This commit removes unnecessary main-branch merges starting from
8750608b5b and adds the following
needed commit(s) that were made afterward:
- 5dce82c48b
2 years ago
Marcus Da Coregio
6c9cb47125
Fix code style
3 years ago
Marcus Da Coregio
64e2a2ff8b
Apply updated Code Style
...
Closes gh-13881
3 years ago
Tim te Beek
9df9cb5aed
refactor: AssertJ best practices
...
Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/bGVuS?organizationId=RGVmYXVsdA%3D%3D
Co-authored-by: Moderne <team@moderne.io>
3 years ago
Krzysztof Krason
9b603b99ab
Using modern Java features
3 years ago
Marcus Da Coregio
d5603a944d
Avoid exception if PBKDF2WithHmacSHA256 is not available
...
Issue gh-12873
3 years ago
Joe Grandja
ed6a7f7730
Remove deprecated constructors in PasswordEncoders
...
Closes gh-11985
3 years ago
Joe Grandja
c50441b59f
Update default configuration for Pbkdf2PasswordEncoder
...
The recommended minimums for PBKDF2, as per OWASP Cheat Sheet Series (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html), are:
If FIPS-140 compliance is required, use PBKDF2 with a work factor of 310,000 or more and set with an internal hash function of HMAC-SHA-256.
Previous default configuration:
algorithm=SHA1, iterations=185000, hashLength=256
New default configuration:
algorithm=SHA256, iterations=310000, hashLength=256
The default salt length was also updated from 8 to 16.
Closes gh-10506, Closes gh-10489
3 years ago