Remove Md5PasswordEncoder from core
Issue: gh-4674
parent
1ed1716df4
commit
e98fc3556e
@ -29,7 +29,6 @@ import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.authentication.encoding.BaseDigestPasswordEncoder;
|
||||
import org.springframework.security.authentication.encoding.LdapShaPasswordEncoder;
|
||||
import org.springframework.security.authentication.encoding.Md4PasswordEncoder;
|
||||
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
|
||||
import org.springframework.security.authentication.encoding.PlaintextPasswordEncoder;
|
||||
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
|
||||
import org.springframework.security.config.Elements;
|
||||
@ -54,7 +53,6 @@ public class PasswordEncoderParser {
|
||||
static final String OPT_HASH_SHA = "sha";
|
||||
static final String OPT_HASH_SHA256 = "sha-256";
|
||||
static final String OPT_HASH_MD4 = "md4";
|
||||
static final String OPT_HASH_MD5 = "md5";
|
||||
static final String OPT_HASH_LDAP_SHA = "{sha}";
|
||||
static final String OPT_HASH_LDAP_SSHA = "{ssha}";
|
||||
|
||||
@ -67,7 +65,6 @@ public class PasswordEncoderParser {
|
||||
ENCODER_CLASSES.put(OPT_HASH_SHA, ShaPasswordEncoder.class);
|
||||
ENCODER_CLASSES.put(OPT_HASH_SHA256, ShaPasswordEncoder.class);
|
||||
ENCODER_CLASSES.put(OPT_HASH_MD4, Md4PasswordEncoder.class);
|
||||
ENCODER_CLASSES.put(OPT_HASH_MD5, Md5PasswordEncoder.class);
|
||||
ENCODER_CLASSES.put(OPT_HASH_LDAP_SHA, LdapShaPasswordEncoder.class);
|
||||
ENCODER_CLASSES.put(OPT_HASH_LDAP_SSHA, LdapShaPasswordEncoder.class);
|
||||
}
|
||||
|
@ -7,7 +7,7 @@ start = http | ldap-server | authentication-provider | ldap-authentication-provi
|
||||
|
||||
hash =
|
||||
## Defines the hashing algorithm used on user passwords. Bcrypt is recommended.
|
||||
attribute hash {"bcrypt" | "plaintext" | "sha" | "sha-256" | "md5" | "md4" | "{sha}" | "{ssha}"}
|
||||
attribute hash {"bcrypt" | "plaintext" | "sha" | "sha-256" | "md4" | "{sha}" | "{ssha}"}
|
||||
base64 =
|
||||
## Whether a string should be base64 encoded
|
||||
attribute base64 {xsd:boolean}
|
||||
|
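Review bot: The doc comment on `hash` still reads only "Bcrypt is recommended" and gives no pointer for configurations that declared `hash="md5"`, which this enumeration no longer accepts. I would extend it to something like `## Defines the hashing algorithm used on user passwords. Bcrypt is recommended. "md5" is no longer accepted; reference an encoder bean through 'ref' for existing MD5 hashes.`, which matches how the tests in this commit were migrated. The values kept here include `"plaintext"` and `"md4"`, which are no stronger than the one removed, so the comment could also mark them as legacy-only. How the parser reports a value that is missing from `ENCODER_CLASSES` is not visible on this page.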
@ -15,7 +15,6 @@
|
||||
<xs:enumeration value="plaintext"/>
|
||||
<xs:enumeration value="sha"/>
|
||||
<xs:enumeration value="sha-256"/>
|
||||
<xs:enumeration value="md5"/>
|
||||
<xs:enumeration value="md4"/>
|
||||
<xs:enumeration value="{sha}"/>
|
||||
<xs:enumeration value="{ssha}"/>
|
||||
@ -150,7 +149,6 @@
|
||||
<xs:enumeration value="plaintext"/>
|
||||
<xs:enumeration value="sha"/>
|
||||
<xs:enumeration value="sha-256"/>
|
||||
<xs:enumeration value="md5"/>
|
||||
<xs:enumeration value="md4"/>
|
||||
<xs:enumeration value="{sha}"/>
|
||||
<xs:enumeration value="{ssha}"/>
|
||||
@ -533,7 +531,6 @@
|
||||
<xs:enumeration value="plaintext"/>
|
||||
<xs:enumeration value="sha"/>
|
||||
<xs:enumeration value="sha-256"/>
|
||||
<xs:enumeration value="md5"/>
|
||||
<xs:enumeration value="md4"/>
|
||||
<xs:enumeration value="{sha}"/>
|
||||
<xs:enumeration value="{ssha}"/>
|
||||
|
@ -24,6 +24,7 @@ import org.springframework.security.authentication.dao.ReflectionSaltSource;
|
||||
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
|
||||
import org.springframework.security.config.BeanIds;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.crypto.password.MessageDigestPasswordEncoder;
|
||||
import org.springframework.security.util.FieldUtils;
|
||||
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
|
||||
import org.springframework.context.support.AbstractXmlApplicationContext;
|
||||
@ -103,11 +104,19 @@ public class AuthenticationProviderBeanDefinitionParserTests {
|
||||
|
||||
@Test
|
||||
public void providerWithMd5PasswordEncoderWorks() throws Exception {
|
||||
setContext(" <authentication-provider>"
|
||||
+ " <password-encoder hash='md5'/>"
|
||||
appContext = new InMemoryXmlApplicationContext(
|
||||
" <authentication-manager>"
|
||||
+ " <authentication-provider>"
|
||||
+ " <password-encoder ref='passwordEncoder'/>"
|
||||
+ " <user-service>"
|
||||
+ " <user name='bob' password='12b141f35d58b8b3a46eea65e6ac179e' authorities='ROLE_A' />"
|
||||
+ " </user-service>" + " </authentication-provider>");
|
||||
+ " </user-service>"
|
||||
+ " </authentication-provider>"
|
||||
+ " </authentication-manager>"
|
||||
+ " <b:bean id='passwordEncoder' class='"
|
||||
+ MessageDigestPasswordEncoder.class.getName() + "'>"
|
||||
+ " <b:constructor-arg value='MD5'/>"
|
||||
+ " </b:bean>");
|
||||
|
||||
getProvider().authenticate(bob);
|
||||
}
|
||||
@ -138,45 +147,24 @@ public class AuthenticationProviderBeanDefinitionParserTests {
|
||||
|
||||
@Test
|
||||
public void passwordIsBase64EncodedWhenBase64IsEnabled() throws Exception {
|
||||
setContext(" <authentication-provider>"
|
||||
+ " <password-encoder hash='md5' base64='true'/>"
|
||||
appContext = new InMemoryXmlApplicationContext(
|
||||
" <authentication-manager>"
|
||||
+ " <authentication-provider>"
|
||||
+ " <password-encoder ref='passwordEncoder'/>"
|
||||
+ " <user-service>"
|
||||
+ " <user name='bob' password='ErFB811YuLOkbupl5qwXng==' authorities='ROLE_A' />"
|
||||
+ " </user-service>" + " </authentication-provider>");
|
||||
+ " </user-service>"
|
||||
+ " </authentication-provider>"
|
||||
+ " </authentication-manager>"
|
||||
+ " <b:bean id='passwordEncoder' class='"
|
||||
+ MessageDigestPasswordEncoder.class.getName() + "'>"
|
||||
+ " <b:constructor-arg value='MD5'/>"
|
||||
+ " <b:property name='encodeHashAsBase64' value='true'/>"
|
||||
+ " </b:bean>");
|
||||
|
||||
getProvider().authenticate(bob);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void externalUserServicePasswordEncoderAndSaltSourceWork() throws Exception {
|
||||
appContext = new InMemoryXmlApplicationContext(
|
||||
" <authentication-manager>"
|
||||
+ " <authentication-provider user-service-ref='customUserService'>"
|
||||
+ " <password-encoder ref='customPasswordEncoder'>"
|
||||
+ " <salt-source ref='saltSource'/>"
|
||||
+ " </password-encoder>"
|
||||
+ " </authentication-provider>"
|
||||
+ " </authentication-manager>"
|
||||
+
|
||||
|
||||
" <b:bean id='customPasswordEncoder' "
|
||||
+ "class='org.springframework.security.authentication.encoding.Md5PasswordEncoder'/>"
|
||||
+ " <b:bean id='saltSource' "
|
||||
+ " class='"
|
||||
+ ReflectionSaltSource.class.getName()
|
||||
+ "'>"
|
||||
+ " <b:property name='userPropertyToUse' value='username'/>"
|
||||
+ " </b:bean>"
|
||||
+ " <b:bean id='customUserService' "
|
||||
+ " class='org.springframework.security.provisioning.InMemoryUserDetailsManager'>"
|
||||
+ " <b:constructor-arg>"
|
||||
+ " <b:props>"
|
||||
+ " <b:prop key='bob'>f117f0862384e9497ff4f470e3522606,ROLE_A</b:prop>"
|
||||
+ " </b:props>" + " </b:constructor-arg>"
|
||||
+ " </b:bean>");
|
||||
getProvider().authenticate(bob);
|
||||
}
|
||||
|
||||
// SEC-1466
|
||||
@Test(expected = BeanDefinitionParsingException.class)
|
||||
public void exernalProviderDoesNotSupportChildElements() throws Exception {
|
||||
|
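Review bot: The second hunk appears to delete `externalUserServicePasswordEncoderAndSaltSourceWork` instead of porting it: the header goes from 45 lines to 24, and that test is the only one shown that wires `<salt-source>` under `<password-encoder ref=...>` with an external user service. If that combination is still supported, its coverage in this file is lost; I would keep the test and point `customPasswordEncoder` at an encoder class that still exists, or state in the commit message why the case was retired. In the two rewritten tests the encoder now comes from `ref='passwordEncoder'` and a `MessageDigestPasswordEncoder` bean, so a short comment such as `// 'md5' is no longer a hash option; legacy MD5 hashes need an explicit encoder bean` above `providerWithMd5PasswordEncoderWorks` would keep the intent readable. The test class starts and ends outside these hunks.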
@ -1,42 +0,0 @@
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.authentication.encoding;
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* MD5 implementation of PasswordEncoder.
|
||||
* </p>
|
||||
* <p>
|
||||
* If a <code>null</code> password is presented, it will be treated as an empty
|
||||
* <code>String</code> ("") password.
|
||||
* </p>
|
||||
* <P>
|
||||
* As MD5 is a one-way hash, the salt can contain any characters.
|
||||
* </p>
|
||||
*
|
||||
* This is a convenience class that extends the {@link MessageDigestPasswordEncoder} and
|
||||
* passes MD5 as the algorithm to use.
|
||||
*
|
||||
* @author Ray Krueger
|
||||
* @author colin sampaleanu
|
||||
* @author Ben Alex
|
||||
*/
|
||||
public class Md5PasswordEncoder extends MessageDigestPasswordEncoder {
|
||||
|
||||
public Md5PasswordEncoder() {
|
||||
super("MD5");
|
||||
}
|
||||
}
|
@ -1,80 +0,0 @@
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.authentication.encoding;
|
||||
|
||||
import static org.assertj.core.api.Assertions.*;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* TestCase for Md5PasswordEncoder.
|
||||
* </p>
|
||||
*
|
||||
* @author colin sampaleanu
|
||||
* @author Ben Alex
|
||||
* @author Ray Krueger
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class Md5PasswordEncoderTests {
|
||||
// ~ Methods
|
||||
// ========================================================================================================
|
||||
|
||||
@Test
|
||||
public void testBasicFunctionality() {
|
||||
Md5PasswordEncoder pe = new Md5PasswordEncoder();
|
||||
String raw = "abc123";
|
||||
String badRaw = "abc321";
|
||||
String salt = "THIS_IS_A_SALT";
|
||||
String encoded = pe.encodePassword(raw, salt);
|
||||
assertThat(pe.isPasswordValid(encoded, raw, salt)).isTrue();
|
||||
assertThat(pe.isPasswordValid(encoded, badRaw, salt)).isFalse();
|
||||
assertThat(encoded).isEqualTo("a68aafd90299d0b137de28fb4bb68573");
|
||||
assertThat(pe.getAlgorithm()).isEqualTo("MD5");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void nonAsciiPasswordHasCorrectHash() throws Exception {
|
||||
Md5PasswordEncoder md5 = new Md5PasswordEncoder();
|
||||
// $ echo -n "你好" | md5
|
||||
// 7eca689f0d3389d9dea66ae112e5cfd7
|
||||
String encodedPassword = md5.encodePassword("\u4F60\u597d", null);
|
||||
assertThat(encodedPassword).isEqualTo("7eca689f0d3389d9dea66ae112e5cfd7");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testBase64() throws Exception {
|
||||
Md5PasswordEncoder pe = new Md5PasswordEncoder();
|
||||
pe.setEncodeHashAsBase64(true);
|
||||
String raw = "abc123";
|
||||
String badRaw = "abc321";
|
||||
String salt = "THIS_IS_A_SALT";
|
||||
String encoded = pe.encodePassword(raw, salt);
|
||||
assertThat(pe.isPasswordValid(encoded, raw, salt)).isTrue();
|
||||
assertThat(pe.isPasswordValid(encoded, badRaw, salt)).isFalse();
|
||||
assertThat(encoded.length() != 32).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void stretchFactorIsProcessedCorrectly() throws Exception {
|
||||
Md5PasswordEncoder pe = new Md5PasswordEncoder();
|
||||
pe.setIterations(2);
|
||||
// Calculate value using:
|
||||
// echo -n password{salt} | openssl md5 -binary | openssl md5
|
||||
assertThat(pe.encodePassword("password", "salt")).isEqualTo("eb753fb0c370582b4ee01b30f304b9fc");
|
||||
}
|
||||
}
|