spring-security/docs/modules/ROOT/pages/servlet/authentication/passwords/erasure.adoc

== Password Erasure

After successful authentication, it's a security best practice to erase credentials from memory to prevent them from being exposed to potential memory dump attacks. `ProviderManager` and most `AuthenticationProvider` implementations in Spring Security support this practice through the `eraseCredentials` method, which should be invoked after the authentication process completes.

=== Best Practices

. *Immediate Erasure*: Credentials should be erased immediately after they are no longer needed. This minimizes the window during which the credentials are exposed in memory.
. *Automatic Erasure*: Configure `ProviderManager` to automatically erase credentials post-authentication by setting `eraseCredentialsAfterAuthentication` to `true`.
. *Custom Erasure Strategies*: Implement custom erasure strategies in custom `AuthenticationProvider` implementations if the default erasure behavior does not meet specific security requirements.

=== Risk Assessment

Failure to properly erase credentials can lead to several risks:

. *Memory Access Attacks*: Attackers can access raw credentials from memory through exploits like buffer overflow attacks or memory dumps.
. *Insider Threats*: Malicious insiders with access to systems could potentially extract credentials from application memory.
. *Accidental Exposure*: In multi-tenant environments, lingering credentials in memory could accidentally be exposed to other tenants.

=== Implementation

[source,java]
----
public class CustomAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails,
                                                  UsernamePasswordAuthenticationToken authentication)
            throws AuthenticationException {
        // Perform authentication checks
        if (!passwordEncoder.matches(authentication.getCredentials().toString(), userDetails.getPassword())) {
            throw new BadCredentialsException(messages.getMessage(
                "AbstractUserDetailsAuthenticationProvider.badCredentials",
                "Bad credentials"));
        }

        // Erase credentials post-check
        authentication.eraseCredentials();
    }
}
----

By implementing these practices, organizations can significantly enhance the security of their authentication systems by ensuring that credentials are not left exposed in system memory.
Improve documentation about CredentialsContainer Issue gh-15398 2024-08-11 16:53:41 +01:00			`== Password Erasure`

			After successful authentication, it's a security best practice to erase credentials from memory to prevent them from being exposed to potential memory dump attacks. `ProviderManager` and most `AuthenticationProvider` implementations in Spring Security support this practice through the `eraseCredentials` method, which should be invoked after the authentication process completes.

			`=== Best Practices`

			`. Immediate Erasure: Credentials should be erased immediately after they are no longer needed. This minimizes the window during which the credentials are exposed in memory.`
			. Automatic Erasure: Configure `ProviderManager` to automatically erase credentials post-authentication by setting `eraseCredentialsAfterAuthentication` to `true`.
			. Custom Erasure Strategies: Implement custom erasure strategies in custom `AuthenticationProvider` implementations if the default erasure behavior does not meet specific security requirements.

			`=== Risk Assessment`

			`Failure to properly erase credentials can lead to several risks:`

			`. Memory Access Attacks: Attackers can access raw credentials from memory through exploits like buffer overflow attacks or memory dumps.`
			`. Insider Threats: Malicious insiders with access to systems could potentially extract credentials from application memory.`
			`. Accidental Exposure: In multi-tenant environments, lingering credentials in memory could accidentally be exposed to other tenants.`

			`=== Implementation`

			`[source,java]`
			`----`
			`public class CustomAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {`
			`@Override`
			`protected void additionalAuthenticationChecks(UserDetails userDetails,`
			`UsernamePasswordAuthenticationToken authentication)`
			`throws AuthenticationException {`
			`// Perform authentication checks`
			`if (!passwordEncoder.matches(authentication.getCredentials().toString(), userDetails.getPassword())) {`
			`throw new BadCredentialsException(messages.getMessage(`
			`"AbstractUserDetailsAuthenticationProvider.badCredentials",`
			`"Bad credentials"));`
			`}`

			`// Erase credentials post-check`
			`authentication.eraseCredentials();`
			`}`
			`}`
			`----`

			`By implementing these practices, organizations can significantly enhance the security of their authentication systems by ensuring that credentials are not left exposed in system memory.`