SEC-844: Support for SHA-256 hashing.

core/src/main/java/org/springframework/security/config/PasswordEncoderParser.java

@@ -35,6 +35,7 @@ public class PasswordEncoderParser {
     static final String ATT_BASE_64 = "base64";
     static final String OPT_HASH_PLAINTEXT = "plaintext";    
     static final String OPT_HASH_SHA = "sha";
+    static final String OPT_HASH_SHA256 = "sha-256";    
     static final String OPT_HASH_MD4 = "md4";
     static final String OPT_HASH_MD5 = "md5";
     static final String OPT_HASH_LDAP_SHA = "{sha}";
@@ -45,6 +46,7 @@ public class PasswordEncoderParser {
         ENCODER_CLASSES = new HashMap();
         ENCODER_CLASSES.put(OPT_HASH_PLAINTEXT, PlaintextPasswordEncoder.class);
         ENCODER_CLASSES.put(OPT_HASH_SHA, ShaPasswordEncoder.class);
+        ENCODER_CLASSES.put(OPT_HASH_SHA256, ShaPasswordEncoder.class);
         ENCODER_CLASSES.put(OPT_HASH_MD4, Md4PasswordEncoder.class);
         ENCODER_CLASSES.put(OPT_HASH_MD5, Md5PasswordEncoder.class);
         ENCODER_CLASSES.put(OPT_HASH_LDAP_SHA, LdapShaPasswordEncoder.class);
@@ -74,6 +76,11 @@ public class PasswordEncoderParser {
         } else {
             Class beanClass = (Class) ENCODER_CLASSES.get(hash);
             RootBeanDefinition beanDefinition = new RootBeanDefinition(beanClass);
+            
+            if (OPT_HASH_SHA256.equals(hash)) {
+            	beanDefinition.getConstructorArgumentValues().addIndexedArgumentValue(0, new Integer(256));
+            }
+            
             beanDefinition.setSource(parserContext.extractSource(element));
             if (useBase64) {
                 if (BaseDigestPasswordEncoder.class.isAssignableFrom(beanClass)) {

core/src/test/java/org/springframework/security/config/AuthenticationProviderBeanDefinitionParserTests.java

@@ -1,8 +1,12 @@
 package org.springframework.security.config;
 
+import static org.junit.Assert.*;
+
 import org.springframework.security.providers.ProviderManager;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.providers.AuthenticationProvider;
+import org.springframework.security.providers.encoding.ShaPasswordEncoder;
+import org.springframework.security.util.FieldUtils;
 import org.springframework.security.util.InMemoryXmlApplicationContext;
 import org.springframework.context.support.AbstractXmlApplicationContext;
 
@@ -71,6 +75,19 @@ public class AuthenticationProviderBeanDefinitionParserTests {
         getProvider().authenticate(bob);
     }
 
+    @Test
+    public void providerWithSha256PasswordEncoderIsSupported() throws Exception {
+        setContext(" <authentication-provider>" +
+                "        <password-encoder hash='sha-256'/>" +
+                "        <user-service>" +
+                "            <user name='bob' password='notused' authorities='ROLE_A' />" +
+                "        </user-service>" +
+                "    </authentication-provider>");
+
+        ShaPasswordEncoder encoder = (ShaPasswordEncoder) FieldUtils.getFieldValue(getProvider(), "passwordEncoder");
+        assertEquals("SHA-256", encoder.getAlgorithm());
+    }
+    
     @Test
     public void passwordIsBase64EncodedWhenBase64IsEnabled() throws Exception {
         setContext(" <authentication-provider>" +
@@ -81,7 +98,7 @@ public class AuthenticationProviderBeanDefinitionParserTests {
                 "    </authentication-provider>");
 
         getProvider().authenticate(bob);
-    }    
+    }
     
     @Test
     public void externalUserServiceAndPasswordEncoderWork() throws Exception {