Josh Cummings
e6957bb854
Merge branch '6.3.x' into 6.4.x
2025-04-28 11:13:09 -06:00
Josh Cummings
547d174f3e
Fix Formatting
2025-04-24 10:43:03 -06:00
Roman Trapickin
d2d1275b39
Fix IllegalArgumentException message for unknown Argon2 types
Array index 0 points to an empty string. Use index 1 instead.
Signed-off-by: Roman Trapickin <8594293+rntrp@users.noreply.github.com>
2025-04-24 10:43:03 -06:00
Joe Grandja
cb60d8b3ed
Merge branch '6.3.x' into 6.4.x
Closes gh-16951
2025-04-17 05:17:38 -04:00
Joe Grandja
c1aa99fdd2
Enforce BCrypt password length for new passwords only
Closes gh-16802
2025-04-17 04:53:33 -04:00
Rob Winch
05116eabbd
Merge branch '6.3.x' into 6.4.x
- adb303e Add testRuntimeOnly junit-platform-launcher
Closes gh-16756
2025-03-17 14:18:49 -05:00
Rob Winch
adb303e152
Add testRuntimeOnly junit-platform-launcher
Closes gh-16755
2025-03-17 14:16:44 -05:00
Joe Grandja
806a0474f4
Merge branch '6.3.x' into 6.4.x
2025-03-17 13:52:36 -04:00
Joe Grandja
46f0dc6dfc
Enforce BCrypt password length
2025-03-17 13:23:27 -04:00
Josh Cummings
244fd2eb51
Support Serialization in Exceptions
Issue gh-16276
2025-01-14 18:37:53 -07:00
Joe Grandja
c2cfe92a02
Merge branch '6.3.x'
2024-11-18 05:16:16 -05:00
Joe Grandja
709103e38c
Merge branch '6.2.x' into 6.3.x
2024-11-18 04:45:38 -05:00
Joe Grandja
a8c4d6cead
Require Locale argument for toLower/toUpperCase usage
2024-11-18 04:22:26 -05:00
Jonny Coddington
b90851d968
Improve Error Messages for PasswordEncoder
Closes gh-14880
Signed-off-by: Jonny Coddington <bottlerocketjonny@protonmail.com>
2024-09-17 14:16:08 -07:00
Marcus Hert Da Coregio
08f11f06ab
Revert unnecessary commits from main
Issue gh-15016
2024-05-08 13:49:18 -03:00
Josh Cummings
9d486ee4f4
Merge branch '6.1.x' into 6.2.x
2024-04-26 17:21:14 -06:00
Josh Cummings
1b8cf6cc55
Merge branch '5.8.x' into 6.1.x
2024-04-26 17:21:06 -06:00
Josh Cummings
e5ee45d568
Fix Import Error
Issue gh-14880
2024-04-26 17:20:53 -06:00
Josh Cummings
e7610027ae
Merge branch '6.1.x' into 6.2.x
Closes gh-14974
2024-04-26 17:13:52 -06:00
Josh Cummings
38ae090d3d
Merge branch '5.8.x' into 6.1.x
Closes gh-14973
2024-04-26 17:13:39 -06:00
Abimael Sergio
3b9991fc89
Improve PasswordEncoder Error Messaging
Closes gh-14880
2024-04-26 17:13:17 -06:00
Josh Cummings
8dd28b797a
Update to BouncyCastle 1.78
Closes gh-14910
2024-04-15 15:32:08 -06:00
Marcus Hert Da Coregio
93c2d1cc3c
Disable spring-security-rsa tests on Windows
Issue gh-14202
2024-01-30 09:08:00 -03:00
Marcus Hert Da Coregio
6f7b9bbfde
Migrate spring-security-rsa into spring-security-crypto
Closes gh-14202
2024-01-29 13:49:51 -03:00
Marcus Hert Da Coregio
e3ab1c94d7
Use assertj assertions
2023-11-17 09:04:50 -03:00
Marcus Hert Da Coregio
a7da9491d9
Use assertj assertions
2023-11-17 09:03:36 -03:00
Steve Riesenberg
9db33f33c7
Revert unnecessary merges on 6.0.x
This commit removes unnecessary main-branch merges starting from
8750608b5bca45525c99d0a41a20ed02de93d8c7 and adds the following
needed commit(s) that were made afterward:
- 5dce82c48bc0b174838501c5a111b2de70822914
2023-10-31 15:11:45 -05:00
Marcus Da Coregio
6c9cb47125
Fix code style
2023-09-29 13:52:04 -03:00
Marcus Da Coregio
07b6c451fd
Merge branch '6.1.x'
Closes gh-13884
2023-09-29 11:47:38 -03:00
Marcus Da Coregio
92c82191c9
Merge branch '5.8.x' into 6.0.x
Closes gh-13882
2023-09-29 11:46:00 -03:00
Marcus Da Coregio
64e2a2ff8b
Apply updated Code Style
Closes gh-13881
2023-09-29 11:44:32 -03:00
Tim te Beek
9df9cb5aed
refactor: AssertJ best practices
Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/bGVuS?organizationId=RGVmYXVsdA%3D%3D
Co-authored-by: Moderne <team@moderne.io>
2023-09-12 16:18:14 -06:00
Krzysztof Krason
9b603b99ab
Using modern Java features
2023-06-22 11:24:25 -06:00
Marcus Da Coregio
d5603a944d
Avoid exception if PBKDF2WithHmacSHA256 is not available
Issue gh-12873
2023-04-04 09:33:12 -03:00
Joe Grandja
ed6a7f7730
Remove deprecated constructors in PasswordEncoders
Closes gh-11985
2022-10-12 02:38:25 -04:00
Joe Grandja
7af111cd33
Merge branch '5.8.x'
2022-10-12 01:28:01 -04:00
Joe Grandja
c50441b59f
Update default configuration for Pbkdf2PasswordEncoder
The recommended minimums for PBKDF2, as per OWASP Cheat Sheet Series (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html), are:
If FIPS-140 compliance is required, use PBKDF2 with a work factor of 310,000 or more and set with an internal hash function of HMAC-SHA-256.
Previous default configuration:
algorithm=SHA1, iterations=185000, hashLength=256
New default configuration:
algorithm=SHA256, iterations=310000, hashLength=256
The default salt length was also updated from 8 to 16.
Closes gh-10506, Closes gh-10489
2022-10-12 00:45:10 -04:00
Joe Grandja
f8419003eb
Update default configuration for SCryptPasswordEncoder
The recommended minimums for scrypt, as per OWASP Cheat Sheet Series (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html), are:
Use scrypt with a minimum CPU/memory cost parameter of (2^16), a minimum block size of 8 (1024 bytes), and a parallelization parameter of 1.
Previous default configuration:
cpuCost=16384, memoryCost=8, parallelism=1
New default configuration:
cpuCost=65536, memoryCost=8, parallelism=1
The default salt length was also updated from 64 to 16.
Issue gh-10506
2022-10-12 00:14:07 -04:00
Joe Grandja
2ea62d0f8b
Update default configuration for Argon2PasswordEncoder
The recommended minimums for Argon2, as per OWASP Cheat Sheet Series (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html), are:
Use Argon2id with a minimum configuration of 15 MiB of memory, an iteration count of 2, and 1 degree of parallelism.
Previous default configuration:
memory=4, iterations=3, parallelism=1
New default configuration:
memory=16, iterations=2, parallelism=1
Issue gh-10506
2022-10-11 18:04:37 -04:00
Rob Winch
d996c2a2c6
Remove unsafe/deprecated Encryptors.querableText(CharSequence,CharSequence)
This method is insecure. Users should instead encrypt with their database.
Closes gh-8980
2022-09-07 13:51:58 -05:00
Rob Winch
2fb625db84
Remove mockito deprecations
Issue gh-11748
2022-08-23 15:59:52 -05:00
Josh Cummings
ba0f8ec3ef
Correct input validation for 31 rounds
Closes gh-11470
2022-07-11 14:06:15 -06:00
Josh Cummings
3f13fa0285
Improve Upgrading
Closes gh-11259
2022-07-11 14:06:04 -06:00
Jihoon Cha
af7f943325
Prevent instantiation of DelegatingPasswordEncoder if idPrefix contains idSuffix
Closes gh-10933
2022-04-05 09:16:44 -05:00
Rob Winch
0c201565fc
Fix format DelegatingPasswordEncoder
2021-11-16 13:32:15 -06:00
Rob Winch
582629c087
Rename prefix/suffix in DelegatingPasswordEncoder
Issue gh-10273
2021-11-16 13:16:37 -06:00
heowc
399cf2e59d
Support for changing prefix and suffix in DelegatingPasswordEncoder
Closes gh-10273
2021-11-16 13:16:37 -06:00
Marcus Da Coregio
02b2fcc6f0
Restore ManagementConfigurationPlugin
Issue gh-9615
2021-10-05 11:23:29 -03:00
Marcus Da Coregio
d2e5f2ae0d
Update Gradle to 7.2
Closes gh-9615
2021-10-04 15:19:40 -03:00
heowc
84d173c310
Fix typo
2021-09-27 10:55:18 -03:00