Move HaveIBeenPwnedRestApiPasswordChecker to spring-security-web
Prior to this commit, the implementation was placed in spring-security-core, however we do not want to introduce a dependency on spring-web and spring-webflux for that module. Issue gh-7395
This commit is contained in:
Marcus Hert Da Coregio
parent
f689f3c3fc
commit
61eba00654
|
|
@ -20,8 +20,8 @@ import org.springframework.context.ApplicationContext;
|
|||
import org.springframework.core.Ordered;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordChecker;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.core.password.CompromisedPasswordChecker;
|
||||
import org.springframework.security.core.userdetails.UserDetailsPasswordService;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
|
|
|
|||
|
|
@ -32,8 +32,8 @@ import org.springframework.core.ReactiveAdapterRegistry;
|
|||
import org.springframework.security.authentication.ObservationReactiveAuthenticationManager;
|
||||
import org.springframework.security.authentication.ReactiveAuthenticationManager;
|
||||
import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager;
|
||||
import org.springframework.security.authentication.password.ReactiveCompromisedPasswordChecker;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.security.core.password.ReactiveCompromisedPasswordChecker;
|
||||
import org.springframework.security.core.userdetails.ReactiveUserDetailsPasswordService;
|
||||
import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
|
|
|
|||
|
|
@ -47,6 +47,9 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
|
|||
import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
|
||||
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
|
||||
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordChecker;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordException;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
|
|
@ -58,9 +61,6 @@ import org.springframework.security.config.test.SpringTestContextExtension;
|
|||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.context.SecurityContextHolderStrategy;
|
||||
import org.springframework.security.core.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.core.password.CompromisedPasswordChecker;
|
||||
import org.springframework.security.core.password.CompromisedPasswordException;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
|
|
|
|||
|
|
@ -26,14 +26,14 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordException;
|
||||
import org.springframework.security.authentication.password.ReactiveCompromisedPasswordChecker;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.test.SpringTestContext;
|
||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||
import org.springframework.security.config.users.ReactiveAuthenticationTestConfiguration;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.security.core.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.core.password.CompromisedPasswordException;
|
||||
import org.springframework.security.core.password.ReactiveCompromisedPasswordChecker;
|
||||
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
|
||||
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
|
|
|
|||
|
|
@ -18,8 +18,6 @@ dependencies {
|
|||
optional 'org.aspectj:aspectjrt'
|
||||
optional 'org.springframework:spring-jdbc'
|
||||
optional 'org.springframework:spring-tx'
|
||||
optional 'org.springframework:spring-web'
|
||||
optional 'org.springframework:spring-webflux'
|
||||
optional 'org.jetbrains.kotlinx:kotlinx-coroutines-reactor'
|
||||
|
||||
testImplementation 'commons-collections:commons-collections'
|
||||
|
|
@ -33,7 +31,6 @@ dependencies {
|
|||
testImplementation "org.springframework:spring-test"
|
||||
testImplementation 'org.skyscreamer:jsonassert'
|
||||
testImplementation 'org.springframework:spring-test'
|
||||
testImplementation 'com.squareup.okhttp3:mockwebserver'
|
||||
|
||||
testRuntimeOnly 'org.hsqldb:hsqldb'
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,12 +25,12 @@ import reactor.core.scheduler.Schedulers;
|
|||
import org.springframework.context.MessageSource;
|
||||
import org.springframework.context.MessageSourceAware;
|
||||
import org.springframework.context.support.MessageSourceAccessor;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordChecker;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordException;
|
||||
import org.springframework.security.authentication.password.ReactiveCompromisedPasswordChecker;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.SpringSecurityMessageSource;
|
||||
import org.springframework.security.core.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.core.password.CompromisedPasswordChecker;
|
||||
import org.springframework.security.core.password.CompromisedPasswordException;
|
||||
import org.springframework.security.core.password.ReactiveCompromisedPasswordChecker;
|
||||
import org.springframework.security.core.userdetails.ReactiveUserDetailsPasswordService;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsChecker;
|
||||
|
|
|
|||
|
|
@ -20,10 +20,10 @@ import org.springframework.security.authentication.AuthenticationProvider;
|
|||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.authentication.InternalAuthenticationServiceException;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordChecker;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.password.CompromisedPasswordChecker;
|
||||
import org.springframework.security.core.password.CompromisedPasswordException;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsPasswordService;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.core.password;
|
||||
package org.springframework.security.authentication.password;
|
||||
|
||||
public class CompromisedPasswordCheckResult {
|
||||
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.core.password;
|
||||
package org.springframework.security.authentication.password;
|
||||
|
||||
import org.springframework.lang.NonNull;
|
||||
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.core.password;
|
||||
package org.springframework.security.authentication.password;
|
||||
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
|
||||
|
|
@ -23,7 +23,6 @@ import org.springframework.security.core.AuthenticationException;
|
|||
*
|
||||
* @author Marcus da Coregio
|
||||
* @since 6.3
|
||||
* @see HaveIBeenPwnedRestApiPasswordChecker
|
||||
*/
|
||||
public class CompromisedPasswordException extends AuthenticationException {
|
||||
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.core.password;
|
||||
package org.springframework.security.authentication.password;
|
||||
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
|
|
@ -27,10 +27,10 @@ import reactor.core.scheduler.Schedulers;
|
|||
import reactor.test.StepVerifier;
|
||||
|
||||
import org.springframework.context.MessageSource;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordException;
|
||||
import org.springframework.security.authentication.password.ReactiveCompromisedPasswordChecker;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.core.password.CompromisedPasswordException;
|
||||
import org.springframework.security.core.password.ReactiveCompromisedPasswordChecker;
|
||||
import org.springframework.security.core.userdetails.ReactiveUserDetailsPasswordService;
|
||||
import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
|
|
|
|||
|
|
@ -33,12 +33,12 @@ import org.springframework.security.authentication.InternalAuthenticationService
|
|||
import org.springframework.security.authentication.LockedException;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordChecker;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.core.password.CompromisedPasswordChecker;
|
||||
import org.springframework.security.core.password.CompromisedPasswordException;
|
||||
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
|
|
|||
|
|
@ -36,6 +36,7 @@ dependencies {
|
|||
testImplementation "org.mockito:mockito-core"
|
||||
testImplementation "org.mockito:mockito-junit-jupiter"
|
||||
testImplementation "org.springframework:spring-test"
|
||||
testImplementation 'com.squareup.okhttp3:mockwebserver'
|
||||
|
||||
testRuntimeOnly 'org.hsqldb:hsqldb'
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.core.password;
|
||||
package org.springframework.security.web.authentication.password;
|
||||
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.MessageDigest;
|
||||
|
|
@ -24,8 +24,10 @@ import java.util.List;
|
|||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
|
||||
import org.springframework.lang.NonNull;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordChecker;
|
||||
import org.springframework.security.crypto.codec.Hex;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
|
@ -58,7 +60,7 @@ public final class HaveIBeenPwnedRestApiPasswordChecker implements CompromisedPa
|
|||
}
|
||||
|
||||
@Override
|
||||
@NotNull
|
||||
@NonNull
|
||||
public CompromisedPasswordCheckResult check(String password) {
|
||||
byte[] hash = this.sha1Digest.digest(password.getBytes(StandardCharsets.UTF_8));
|
||||
String encoded = new String(Hex.encode(hash)).toUpperCase();
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.core.password;
|
||||
package org.springframework.security.web.authentication.password;
|
||||
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.MessageDigest;
|
||||
|
|
@ -26,6 +26,8 @@ import reactor.core.publisher.Flux;
|
|||
import reactor.core.publisher.Mono;
|
||||
import reactor.core.scheduler.Schedulers;
|
||||
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.authentication.password.ReactiveCompromisedPasswordChecker;
|
||||
import org.springframework.security.crypto.codec.Hex;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.core.password;
|
||||
package org.springframework.security.web.authentication.password;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
|
|
@ -25,6 +25,7 @@ import org.junit.jupiter.api.AfterEach;
|
|||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.web.client.RestClient;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.core.password;
|
||||
package org.springframework.security.web.authentication.password;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
Loading…
Reference in New Issue