From b60c578b2520c12b3397341080a1e818589e7f32 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Tue, 20 May 2008 22:45:02 +0000 Subject: [PATCH] SEC-844: Support for SHA-256 hashing. --- .../config/PasswordEncoderParser.java | 7 +++++++ ...tionProviderBeanDefinitionParserTests.java | 19 ++++++++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/core/src/main/java/org/springframework/security/config/PasswordEncoderParser.java b/core/src/main/java/org/springframework/security/config/PasswordEncoderParser.java index 9d2b7abb71..08b9a1f9d0 100644 --- a/core/src/main/java/org/springframework/security/config/PasswordEncoderParser.java +++ b/core/src/main/java/org/springframework/security/config/PasswordEncoderParser.java @@ -35,6 +35,7 @@ public class PasswordEncoderParser { static final String ATT_BASE_64 = "base64"; static final String OPT_HASH_PLAINTEXT = "plaintext"; static final String OPT_HASH_SHA = "sha"; + static final String OPT_HASH_SHA256 = "sha-256"; static final String OPT_HASH_MD4 = "md4"; static final String OPT_HASH_MD5 = "md5"; static final String OPT_HASH_LDAP_SHA = "{sha}"; @@ -45,6 +46,7 @@ public class PasswordEncoderParser { ENCODER_CLASSES = new HashMap(); ENCODER_CLASSES.put(OPT_HASH_PLAINTEXT, PlaintextPasswordEncoder.class); ENCODER_CLASSES.put(OPT_HASH_SHA, ShaPasswordEncoder.class); + ENCODER_CLASSES.put(OPT_HASH_SHA256, ShaPasswordEncoder.class); ENCODER_CLASSES.put(OPT_HASH_MD4, Md4PasswordEncoder.class); ENCODER_CLASSES.put(OPT_HASH_MD5, Md5PasswordEncoder.class); ENCODER_CLASSES.put(OPT_HASH_LDAP_SHA, LdapShaPasswordEncoder.class); @@ -74,6 +76,11 @@ public class PasswordEncoderParser { } else { Class beanClass = (Class) ENCODER_CLASSES.get(hash); RootBeanDefinition beanDefinition = new RootBeanDefinition(beanClass); + + if (OPT_HASH_SHA256.equals(hash)) { + beanDefinition.getConstructorArgumentValues().addIndexedArgumentValue(0, new Integer(256)); + } + beanDefinition.setSource(parserContext.extractSource(element)); if (useBase64) { if (BaseDigestPasswordEncoder.class.isAssignableFrom(beanClass)) { diff --git a/core/src/test/java/org/springframework/security/config/AuthenticationProviderBeanDefinitionParserTests.java b/core/src/test/java/org/springframework/security/config/AuthenticationProviderBeanDefinitionParserTests.java index bae13d3a33..cfb1bb09c6 100644 --- a/core/src/test/java/org/springframework/security/config/AuthenticationProviderBeanDefinitionParserTests.java +++ b/core/src/test/java/org/springframework/security/config/AuthenticationProviderBeanDefinitionParserTests.java @@ -1,8 +1,12 @@ package org.springframework.security.config; +import static org.junit.Assert.*; + import org.springframework.security.providers.ProviderManager; import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.providers.AuthenticationProvider; +import org.springframework.security.providers.encoding.ShaPasswordEncoder; +import org.springframework.security.util.FieldUtils; import org.springframework.security.util.InMemoryXmlApplicationContext; import org.springframework.context.support.AbstractXmlApplicationContext; @@ -71,6 +75,19 @@ public class AuthenticationProviderBeanDefinitionParserTests { getProvider().authenticate(bob); } + @Test + public void providerWithSha256PasswordEncoderIsSupported() throws Exception { + setContext(" " + + " " + + " " + + " " + + " " + + " "); + + ShaPasswordEncoder encoder = (ShaPasswordEncoder) FieldUtils.getFieldValue(getProvider(), "passwordEncoder"); + assertEquals("SHA-256", encoder.getAlgorithm()); + } + @Test public void passwordIsBase64EncodedWhenBase64IsEnabled() throws Exception { setContext(" " + @@ -81,7 +98,7 @@ public class AuthenticationProviderBeanDefinitionParserTests { " "); getProvider().authenticate(bob); - } + } @Test public void externalUserServiceAndPasswordEncoderWork() throws Exception {