Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-01-28 09:10:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,582 Commits 49 Branches 370 Tags
Commit Graph

63 Commits

Author SHA1 Message Date
Spring Operator
b93528138e URL Cleanup 
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).

# Fixed URLs

## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.

* http://www.apache.org/licenses/ with 1 occurrences migrated to:
  https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200).
* http://www.apache.org/licenses/LICENSE-2.0 with 2691 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200).
* http://www.apache.org/licenses/LICENSE-2.0.html with 2 occurrences migrated to:
  https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200).
 2019-03-14 15:46:20 -05:00
Rob Winch
ae0f330f98 Add BCrypt Test for Empty Raw Password 
Issue: gh-5548
 2019-01-08 11:54:36 -06:00
Josh Cummings
9ee291e659
AesBytesEncryptorTests Check Key Strength 
Fixes: gh-6121
 2018-11-20 11:45:45 -07:00
Josh Cummings
13de580632
AesBytesEncryptorTests 
Issue: gh-5099
 2018-11-13 16:03:47 -07:00
linfeng
388a7b62b9 Add BCrypt Revision Support 
Fixes: gh-3320
 2018-10-22 11:13:55 -05:00
Rob Winch
02b857d82a Add PasswordEncoder.upgradeEncoding 
Issue: gh-2778
 2018-07-14 22:52:15 -05:00
Johnny Lim
9b42831c70 Suppress deprecation warnings in spring-security-crypto 2018-05-04 21:02:57 -05:00
Rob Winch
22737dce7e Polish 
DelegatingPasswordEncoder copies the provided Map. This ensures that
references to the Map do not update the state of DelegatingPasswordEncoder
and NullPointerException is avoided for implementations that do not allow
a null key.

Issue: gh-4936
 2018-01-03 10:11:04 -06:00
Michael J. Simons
2b66793535 Catch possible NullPointerException 
Some maps may throw a NullPointerException when get is called with null. This commit catches the exceptions and just leaves the delegate null.

Fixes gh-4936
 2018-01-03 09:46:58 -06:00
Rob Winch
e5b41f30ea Fix DelegatingPasswordEncoderTests 
Issue: gh-4872
 2017-11-27 12:01:31 -06:00
Rob Winch
f558b5016c DelegatingPasswordEncoder handles null encodedPassword 
Fixes: gh-4872
 2017-11-27 11:42:56 -06:00
Johnny Lim
b6895e6359 Apply Checkstyle WhitespaceAfterCheck module 2017-11-16 11:18:31 -06:00
Johnny Lim
d900f2a623 Remove unused imports 
This commit also adds UnusedImportsCheck Checkstyle module.
 2017-11-14 14:41:08 -06:00
Antoine
e0aca04a28 Polish AssertJ assertions 
Polish AssertJ assertions
 2017-10-29 22:22:34 -05:00
Rob Winch
6532bac295 Update Md4PasswordEncoder Javadoc 
Include format and migration information.

Issue: gh-4674
 2017-10-24 10:23:38 -05:00
Rob Winch
870b8bf9b2 Pbkdf2PasswordEncoder supports Base64 encoding 
Fixes gh-4683
 2017-10-24 08:47:04 -05:00
Rob Winch
fe8f3afbaf Pbkdf2PasswordEncoder allows custom SecretKeyFactory 
Fixes gh-2742
 2017-10-24 08:34:30 -05:00
Rob Winch
d832213c6c Add ldap to PasswordEncoderFactories 
Issue: gh-4674
 2017-10-24 07:56:28 -05:00
Rob Winch
d83f4c4aa5 Add SHA-256 to PasswordEncoderFactories 
Issue: gh-4674
 2017-10-24 07:56:28 -05:00
Rob Winch
5f2785d39c Add SHA-1 to PasswordEncoderFactories 
Issue: gh-4674
 2017-10-24 07:56:28 -05:00
Rob Winch
63e061f4d1 Add MD5 to PasswordEncoderFactories 
Issue: gh-4674
 2017-10-24 07:56:28 -05:00
Rob Winch
7fe41de5eb Add MD4 to PasswordEncoderFactories 
Issue: gh-4674
 2017-10-24 07:56:28 -05:00
Rob Winch
1ed1716df4 Add LdapShaPasswordEncoder to crypto 
Issue: gh-4674
 2017-10-23 22:27:16 -05:00
Rob Winch
d9a594d039 Add Md4PasswordEncoder to crypto 
Issue: gh-4674
 2017-10-23 22:27:16 -05:00
Rob Winch
8fda55e98f Add MessageDigestPasswordEncoder to crypto 
Issue: gh-4674
 2017-10-23 22:27:16 -05:00
Kazuki Shimizu
2937477405 Polishing 
See gh-4666
 2017-10-23 08:36:24 -05:00
Rob Winch
d152a2e2c1 Add PasswordEncoderFactories 
Issue gh-4666
 2017-10-20 13:26:17 -05:00
Rob Winch
d0332eb71a Add DelegatingPasswordEncoder 
Fixes gh-4666
 2017-10-20 13:26:17 -05:00
Rob Winch
d7d6400971 DefaultStateGenerator->Base64StringKeyGenerator 
Rename and move DefaultStateGenerator since it is more generic than just
OAuth.

Fixes gh-4645
 2017-10-18 11:29:04 -05:00
Rob Winch
e16b8e7976 Fix logback-test.xml 2017-08-17 16:42:01 -05:00
Rob Winch
07c3123696 Deprecate crypto.codec.Base64 
In commit 85719fc Base64 was removed. However, this class was never
deprecated properly. This commit adds it back and marks it as deprecated.

Fixes gh-4421
 2017-06-26 09:21:00 -05:00
Vedran Pavic
85719fcd64 Use Base64 implementation provided by Java 8 2017-05-10 00:27:36 -05:00
SendilKumar N
c31bdb6390 SCryptPasswordEncoder to take default keyLength value 
Fixes gh-4225
Closes gh-4231
 2017-03-01 23:11:52 -06:00
Jan Brennenstuhl
09436649cc handling null-values for salts properly now - fixes gh-4147 2016-12-06 08:43:19 -06:00
Kazuki Shimizu
a1f771251a Improve exception message on Hex#decode 
Fixes gh-4043
 2016-08-29 15:10:39 -04:00
Rob Winch
8f880aea0e Polish Pbkdf2PasswordEncoder 
Issue gh-3930
 2016-06-21 11:47:50 -05:00
Kim Saabye Pedersen
9fcfeaf225 BCryptPasswordEncoder validates strength 
Fixes gh-3862
 2016-05-20 14:54:26 -05:00
Will Tran
b01437281d Bouncy Castle 1.47 Support 
This forces us to avoid using CipherOutputStream, and instead use the
BlockCiphers directly. As an extra measure for correctness, test the
equivalence of the BC implementations against data sizes from 1 to 2048
bytes.

Fixes gh-2917
 2016-04-18 08:35:57 -05:00
Will Tran
44fa624b6b Refactor test assumptions about JCE to common class. (#3817) 
Apply assumptions directly to test methods instead of checking for key
length in crypto.gradle.
 2016-04-14 17:02:31 -05:00
Will Tran
40208127e8 Skip tests when AesBytesEncryptor can't be created in CBC or GCM mode. (#3816) 
Tests would fail in cases where JCE unlimited strength was available but
GCM wasn't, like on JDK7.
 2016-04-14 15:21:20 -05:00
Will Tran
63b2cfe1cf Bouncy Castle implementations of AES-256 
Adds "AES/CBC/PKCS5Padding" and "AES/GCM/NoPadding"

Fixes gh-2917
 2016-04-13 16:28:55 -05:00
Rob Winch
95a3e30d9f Polish Pbkdf2PasswordEncoder 
Fixes gh-2158
Fixes gh-51
 2016-04-12 17:16:38 -05:00
Rob Worsnop
0ab7126e64 Added PBKDF2PasswordEncoder. 
- Also moved some logic into a new class, AbstractPasswordEncoder.
Both PBKDF2PasswordEncoder and the now-simplified
StandardPasswordEncoder extend AbstractPasswordEncoder.
 - Added tests for PBKDF2PasswordEncoder

Issue gh-2158
 2016-04-12 17:16:38 -05:00
Rob Winch
f221920a19 Clean up code to conform to basic checkstyle 
Issue gh-3746
 2016-03-14 00:15:12 -05:00
Billy Korando
71d4ce96ad Convert to assertj 
Fixes gh-3175
 2016-03-09 14:30:17 -06:00
Rob Winch
bb600a473e Start AssertJ Migration 
Issue gh-3175
 2016-03-09 14:26:30 -06:00
Rob Winch
fc75a679d9 Polish SCryptPasswordEncoder 
* JKD8 Base64 -> Spring Security's Base64 to continue to support older JDKs
* Spaces to tabs
* Javadoc cleanup
* Remove of @Override to compile in Eclipse

Issue gh-3702
 2016-03-03 14:06:08 -06:00
Shazin
7d02e259df Add SCryptPasswordEncoder 
Fixes gh-3702
 2016-03-03 10:24:29 -06:00
Rob Winch
3db01bd9d6 SEC-3002: Add JUnit Assume to GCM encryption tests 
Not all JDKs have GCM installed on them.
 2015-07-13 16:22:18 -05:00
Dave Syer
a48cc18858 SEC-3002: Add new option for AES encryption with GCM 
The Galois Counter Mode (GCM) is held to be superior than the current
default CBC. This change adds an extra parameter to the constructor
of AesBytesEncryptor and a new convenience method in Encryptors.
 2015-07-09 23:27:33 -05:00