Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-03-11 09:04:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,162 Commits 52 Branches 373 Tags
Commit Graph

310 Commits

Author SHA1 Message Date
Robert Winch
17776e4738
Merge Fix Flaky Crypto Tests 2026-03-03 15:26:53 -06:00
Robert Winch
1261c229a3
Fix Flaky Crypto Tests 
Previously the RsaSecretEncryptorTests were flaky because the assumed that a BadPaddigException would be thrown
when using things like different salt. However, given that the tests had random inputs (e.g. keys) there is the
possibility that, despite the fact that it can never be properly decrypted, the final bytes look like a valid
encrypted value.

This updates the tests to ensure that decrypt either throws an Exception or is not equal to the original
plaintext.
 2026-03-03 14:52:28 -06:00
Robert Winch
a32d9f04e3
Revert "Use project.artifactory(Username|Password)" 
This reverts commit 9c449000dc0508457d0e4392a46e8ca731ada0fa.
 2026-01-12 16:04:56 -06:00
Robert Winch
9c449000dc
Use project.artifactory(Username|Password) 2026-01-12 15:48:47 -06:00
Josh Cummings
63f28a7e1f Merge branch '6.5.x' 2025-11-04 14:04:56 -07:00
Josh Cummings
f988272fff Merge branch '6.4.x' into 6.5.x 2025-11-04 14:04:29 -07:00
Josh Cummings
532d0bef14 Add Test to Confirm 72-byte BCrypt Password Limit 
Closes gh-18133
 2025-11-04 14:04:02 -07:00
Rob Winch
d0372efadd
Use include-code for password4j docs 
This follows the new convention of using include-code going forward to
ensure that the documentation compiles and is tested. This also corrected
a few errors in custom params for Ballooning and PBKDF2 examples.

Issue gh-17706
 2025-09-15 11:03:44 -05:00
Mehrdad
2d74f9c334 Create a specific implementation for BalloonHashing and PBKDF2 password encoders using Password4j library 
Closes gh-17706

Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com>
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
 2025-09-13 09:27:41 +03:30
Mehrdad
8c2ad4e4d1 Add Argon2 and BCrypt and Scrypt password encoders using Password4j library 
Closes gh-17706

Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com>
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
 2025-09-13 09:27:41 +03:30
M.Bozorgmehr
9f5d27e8d0 Refactor Password4jPasswordEncoder to use AlgorithmFinder for algorithm selection and enhance documentation 
Closes gh-17706

Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com>
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
 2025-09-13 09:27:40 +03:30
M.Bozorgmehr
bd593a63d0 Refactor Password4jPasswordEncoder to use AlgorithmFinder for algorithm selection and enhance documentation 
Closes gh-17706

Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>

Add Password4jPasswordEncoder for enhanced password hashing support

Signed-off-by: M.Bozorgmehr <m.bozorgmehr@emofid.com>
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>

Add Password4jPasswordEncoder for enhanced password hashing support

Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com>
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com>
 2025-09-13 09:27:40 +03:30
Rob Winch
f6cb0bd610
Merge Use 2004-present Copyright Header 
The original merge into main did not apply the changes. This fixes it.
Closes gh-17635
 2025-07-29 10:52:42 -05:00
Rob Winch
2fdca16c1a
Merge branch '6.4.x' into 6.5.x 
Closes gh-17634
 2025-07-29 09:47:52 -05:00
Rob Winch
392129b616
Use 2004-present Copyright Header 
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the headers and the checkstyle accordingly.

The commit updated etc/checkstyle/header.txt

It also updated the copyright headers using the following find/replace:

Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.

Closes gh-17633
 2025-07-29 09:45:23 -05:00
Rob Winch
7c887d2da1
Add nullability to spring-security-core 
Closes gh-17534
 2025-07-22 16:29:13 -05:00
Rob Winch
9db1ffbd79
Add Nullability to spring-security-crypto 
Closes gh-17533
 2025-07-22 16:29:13 -05:00
Soumik Sarker
2f53a2edb3 Removed deprecated Base64 of crypto package 
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>
 2025-06-27 14:24:54 -05:00
Andrey Litvitski
3b492a9628 remove 32-byte minimum keyLength restriction in Base64StringKeyGenerator (#17012) 
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
 2025-05-14 11:41:30 -05:00
Rob Winch
d52289bd7a Remove Unnecessary Backwards Compatability 
Since this is going to be merged into Spring Security 7 (a major release) and AESFastEngine is deprecated,
we should no longer support it (as it will likely be removed from Bouncy Castle)
 2025-05-07 11:19:27 -05:00
Steve Riesenberg
5eb232cd3d Polish gh-16164 2025-05-07 11:19:27 -05:00
Ferdinand Jacobs
2b22cf2877 Replace BouncyCastle's deprecated AESFastEngine with the default AESEngine 
- Update AESEngine to use the default AES engine, following BouncyCastle's recommendations
  (see release-1-56 of changelog: https://www.bouncycastle.org/download/bouncy-castle-java/?filter=java%3Drelease-1-56).
- Migrate to the latest API 'newInstance()' method to allow removal of @SuppressWarnings("deprecation")
- Remove @SuppressWarnings("deprecation")
 2025-05-07 11:19:27 -05:00
Rob Winch
a80592a707
Use commons-logging directly 
Closes gh-17061
 2025-05-06 13:27:13 -05:00
Josh Cummings
eda9142b6b
Merge branch '6.4.x' 2025-04-28 11:13:50 -06:00
Josh Cummings
e6957bb854
Merge branch '6.3.x' into 6.4.x 2025-04-28 11:13:09 -06:00
Josh Cummings
547d174f3e Fix Formatting 2025-04-24 10:43:03 -06:00
Roman Trapickin
d2d1275b39 Fix IllegalArgumentException message for unknown Argon2 types 
Array index 0 points to an empty string. Use index 1 instead.

Signed-off-by: Roman Trapickin <8594293+rntrp@users.noreply.github.com>
 2025-04-24 10:43:03 -06:00
Joe Grandja
ef4479a554 Merge branch '6.4.x' 2025-04-17 05:31:29 -04:00
Joe Grandja
cb60d8b3ed Merge branch '6.3.x' into 6.4.x 
Closes gh-16951
 2025-04-17 05:17:38 -04:00
Joe Grandja
c1aa99fdd2 Enforce BCrypt password length for new passwords only 
Closes gh-16802
 2025-04-17 04:53:33 -04:00
James Howe
8d7f6acab6 Typo in Base64StringKeyGenerator exception message 
Signed-off-by: James Howe <675056+OrangeDog@users.noreply.github.com>
 2025-04-08 09:56:14 -06:00
Rob Winch
e6223dede3
Merge branch '6.4.x' 
- adb303e Add testRuntimeOnly junit-platform-launcher

Closes gh-16757
 2025-03-17 14:34:18 -05:00
Rob Winch
05116eabbd
Merge branch '6.3.x' into 6.4.x 
- adb303e Add testRuntimeOnly junit-platform-launcher

Closes gh-16756
 2025-03-17 14:18:49 -05:00
Rob Winch
adb303e152
Add testRuntimeOnly junit-platform-launcher 
Closes gh-16755
 2025-03-17 14:16:44 -05:00
Joe Grandja
b97b555fde Merge branch '6.4.x' 2025-03-17 14:05:46 -04:00
Joe Grandja
806a0474f4 Merge branch '6.3.x' into 6.4.x 2025-03-17 13:52:36 -04:00
Joe Grandja
46f0dc6dfc Enforce BCrypt password length 2025-03-17 13:23:27 -04:00
Christian
b56650100a
Removes the use of StringUtils from DelegatingPasswordEncoder 
Closes gh-16442

Signed-off-by: Christian Hösel <ChristianHoesel@users.noreply.github.com>
 2025-01-31 15:43:24 -06:00
Josh Cummings
244fd2eb51
Support Serialization in Exceptions 
Issue gh-16276
 2025-01-14 18:37:53 -07:00
Joe Grandja
c2cfe92a02 Merge branch '6.3.x' 2024-11-18 05:16:16 -05:00
Joe Grandja
709103e38c Merge branch '6.2.x' into 6.3.x 2024-11-18 04:45:38 -05:00
Joe Grandja
a8c4d6cead Require Locale argument for toLower/toUpperCase usage 2024-11-18 04:22:26 -05:00
Jonny Coddington
b90851d968 Improve Error Messages for PasswordEncoder 
Closes gh-14880

Signed-off-by: Jonny Coddington <bottlerocketjonny@protonmail.com>
 2024-09-17 14:16:08 -07:00
Marcus Hert Da Coregio
08f11f06ab Revert unnecessary commits from main 
Issue gh-15016
 2024-05-08 13:49:18 -03:00
Josh Cummings
9d486ee4f4
Merge branch '6.1.x' into 6.2.x 2024-04-26 17:21:14 -06:00
Josh Cummings
1b8cf6cc55
Merge branch '5.8.x' into 6.1.x 2024-04-26 17:21:06 -06:00
Josh Cummings
e5ee45d568
Fix Import Error 
Issue gh-14880
 2024-04-26 17:20:53 -06:00
Josh Cummings
e7610027ae
Merge branch '6.1.x' into 6.2.x 
Closes gh-14974
 2024-04-26 17:13:52 -06:00
Josh Cummings
38ae090d3d
Merge branch '5.8.x' into 6.1.x 
Closes gh-14973
 2024-04-26 17:13:39 -06:00
Abimael Sergio
3b9991fc89 Improve PasswordEncoder Error Messaging 
Closes gh-14880
 2024-04-26 17:13:17 -06:00