Update reference for PasswordEncoders

Issue gh-10506
2025-05-30 16:52:13 +00:00 · 2022-10-12 07:22:58 -04:00 · 2022-10-12 07:22:58 -04:00 · ffbcaca24a
commit ffbcaca24a
parent c50441b59f
2 changed files with 20 additions and 12 deletions
--- a/docs/modules/ROOT/pages/features/authentication/password-storage.adoc
+++ b/docs/modules/ROOT/pages/features/authentication/password-storage.adoc
@ -93,8 +93,12 @@ String idForEncode = "bcrypt";
 Map encoders = new HashMap<>();
 encoders.put(idForEncode, new BCryptPasswordEncoder());
 encoders.put("noop", NoOpPasswordEncoder.getInstance());
-encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
+encoders.put("pbkdf2", Pbkdf2PasswordEncoder.defaultsForSpringSecurity_v5_5());
-encoders.put("scrypt", new SCryptPasswordEncoder());
+encoders.put("pbkdf2@SpringSecurity_v5_8", Pbkdf2PasswordEncoder.defaultsForSpringSecurity_v5_8());
 encoders.put("scrypt", SCryptPasswordEncoder.defaultsForSpringSecurity_v4_1());
 encoders.put("scrypt@SpringSecurity_v5_8", SCryptPasswordEncoder.defaultsForSpringSecurity_v5_8());
 encoders.put("argon2", Argon2PasswordEncoder.defaultsForSpringSecurity_v5_2());
 encoders.put("argon2@SpringSecurity_v5_8", Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8());
 encoders.put("sha256", new StandardPasswordEncoder());
 PasswordEncoder passwordEncoder =
@ -108,8 +112,12 @@ val idForEncode = "bcrypt"
 val encoders: MutableMap<String, PasswordEncoder> = mutableMapOf()
 encoders[idForEncode] = BCryptPasswordEncoder()
 encoders["noop"] = NoOpPasswordEncoder.getInstance()
-encoders["pbkdf2"] = Pbkdf2PasswordEncoder()
+encoders["pbkdf2"] = Pbkdf2PasswordEncoder.defaultsForSpringSecurity_v5_5()
-encoders["scrypt"] = SCryptPasswordEncoder()
+encoders["pbkdf2@SpringSecurity_v5_8"] = Pbkdf2PasswordEncoder.defaultsForSpringSecurity_v5_8()
 encoders["scrypt"] = SCryptPasswordEncoder.defaultsForSpringSecurity_v4_1()
 encoders["scrypt@SpringSecurity_v5_8"] = SCryptPasswordEncoder.defaultsForSpringSecurity_v5_8()
 encoders["argon2"] = Argon2PasswordEncoder.defaultsForSpringSecurity_v5_2()
 encoders["argon2@SpringSecurity_v5_8"] = Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8()
 encoders["sha256"] = StandardPasswordEncoder()
 val passwordEncoder: PasswordEncoder = DelegatingPasswordEncoder(idForEncode, encoders)
@ -363,7 +371,7 @@ The current implementation of the `Argon2PasswordEncoder` requires BouncyCastle.
 [source,java,role="primary"]
 ----
 // Create an encoder with all the defaults
-Argon2PasswordEncoder encoder = new Argon2PasswordEncoder();
+Argon2PasswordEncoder encoder = Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8();
 String result = encoder.encode("myPassword");
 assertTrue(encoder.matches("myPassword", result));
 ----
@ -372,7 +380,7 @@ assertTrue(encoder.matches("myPassword", result));
 [source,kotlin,role="secondary"]
 ----
 // Create an encoder with all the defaults
-val encoder = Argon2PasswordEncoder()
+val encoder = Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8()
 val result: String = encoder.encode("myPassword")
 assertTrue(encoder.matches("myPassword", result))
 ----
@ -392,7 +400,7 @@ This algorithm is a good choice when FIPS certification is required.
 [source,java,role="primary"]
 ----
 // Create an encoder with all the defaults
-Pbkdf2PasswordEncoder encoder = new Pbkdf2PasswordEncoder();
+Pbkdf2PasswordEncoder encoder = Pbkdf2PasswordEncoder.defaultsForSpringSecurity_v5_8();
 String result = encoder.encode("myPassword");
 assertTrue(encoder.matches("myPassword", result));
 ----
@ -401,7 +409,7 @@ assertTrue(encoder.matches("myPassword", result));
 [source,kotlin,role="secondary"]
 ----
 // Create an encoder with all the defaults
-val encoder = Pbkdf2PasswordEncoder()
+val encoder = Pbkdf2PasswordEncoder.defaultsForSpringSecurity_v5_8()
 val result: String = encoder.encode("myPassword")
 assertTrue(encoder.matches("myPassword", result))
 ----
@ -420,7 +428,7 @@ Like other adaptive one-way functions, it should be tuned to take about 1 second
 [source,java,role="primary"]
 ----
 // Create an encoder with all the defaults
-SCryptPasswordEncoder encoder = new SCryptPasswordEncoder();
+SCryptPasswordEncoder encoder = SCryptPasswordEncoder.defaultsForSpringSecurity_v5_8();
 String result = encoder.encode("myPassword");
 assertTrue(encoder.matches("myPassword", result));
 ----
@ -429,7 +437,7 @@ assertTrue(encoder.matches("myPassword", result));
 [source,kotlin,role="secondary"]
 ----
 // Create an encoder with all the defaults
-val encoder = SCryptPasswordEncoder()
+val encoder = SCryptPasswordEncoder.defaultsForSpringSecurity_v5_8()
 val result: String = encoder.encode("myPassword")
 assertTrue(encoder.matches("myPassword", result))
 ----
--- a/docs/modules/ROOT/pages/features/integrations/cryptography.adoc
+++ b/docs/modules/ROOT/pages/features/integrations/cryptography.adoc
@ -251,7 +251,7 @@ In order to defeat password cracking PBKDF2 is a deliberately slow algorithm and
 [source,java,role="primary"]
 ----
 // Create an encoder with all the defaults
-Pbkdf2PasswordEncoder encoder = new Pbkdf2PasswordEncoder();
+Pbkdf2PasswordEncoder encoder = Pbkdf2PasswordEncoder.defaultsForSpringSecurity_v5_8();
 String result = encoder.encode("myPassword");
 assertTrue(encoder.matches("myPassword", result));
 ----
@ -260,7 +260,7 @@ assertTrue(encoder.matches("myPassword", result));
 [source,kotlin,role="secondary"]
 ----
 // Create an encoder with all the defaults
-val encoder = Pbkdf2PasswordEncoder()
+val encoder = Pbkdf2PasswordEncoder.defaultsForSpringSecurity_v5_8()
 val result: String = encoder.encode("myPassword")
 assertTrue(encoder.matches("myPassword", result))
 ----