Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,877 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

267 Commits

Author SHA1 Message Date
Jonny Coddington b90851d968 Improve Error Messages for PasswordEncoder 
Closes gh-14880

Signed-off-by: Jonny Coddington <bottlerocketjonny@protonmail.com>
 2024-09-17 14:16:08 -07:00
Josh Cummings 9d486ee4f4
Merge branch '6.1.x' into 6.2.x 2024-04-26 17:21:14 -06:00
Josh Cummings 1b8cf6cc55
Merge branch '5.8.x' into 6.1.x 2024-04-26 17:21:06 -06:00
Josh Cummings e5ee45d568
Fix Import Error 
Issue gh-14880
 2024-04-26 17:20:53 -06:00
Josh Cummings e7610027ae
Merge branch '6.1.x' into 6.2.x 
Closes gh-14974
 2024-04-26 17:13:52 -06:00
Josh Cummings 38ae090d3d
Merge branch '5.8.x' into 6.1.x 
Closes gh-14973
 2024-04-26 17:13:39 -06:00
Abimael Sergio 3b9991fc89 Improve PasswordEncoder Error Messaging 
Closes gh-14880
 2024-04-26 17:13:17 -06:00
Josh Cummings 8dd28b797a
Update to BouncyCastle 1.78 
Closes gh-14910
 2024-04-15 15:32:08 -06:00
Marcus Hert Da Coregio 93c2d1cc3c Disable spring-security-rsa tests on Windows 
Issue gh-14202
 2024-01-30 09:08:00 -03:00
Marcus Hert Da Coregio 6f7b9bbfde Migrate spring-security-rsa into spring-security-crypto 
Closes gh-14202
 2024-01-29 13:49:51 -03:00
Marcus Hert Da Coregio e3ab1c94d7 Use assertj assertions 2023-11-17 09:04:50 -03:00
Marcus Hert Da Coregio a7da9491d9 Use assertj assertions 2023-11-17 09:03:36 -03:00
Steve Riesenberg 9db33f33c7
Revert unnecessary merges on 6.0.x 
This commit removes unnecessary main-branch merges starting from
8750608b5b and adds the following
needed commit(s) that were made afterward:

- 5dce82c48b
 2023-10-31 15:11:45 -05:00
Marcus Da Coregio 6c9cb47125 Fix code style 2023-09-29 13:52:04 -03:00
Marcus Da Coregio 07b6c451fd Merge branch '6.1.x' 
Closes gh-13884
 2023-09-29 11:47:38 -03:00
Marcus Da Coregio 92c82191c9 Merge branch '5.8.x' into 6.0.x 
Closes gh-13882
 2023-09-29 11:46:00 -03:00
Marcus Da Coregio 64e2a2ff8b Apply updated Code Style 
Closes gh-13881
 2023-09-29 11:44:32 -03:00
Tim te Beek 9df9cb5aed refactor: AssertJ best practices 
Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/bGVuS?organizationId=RGVmYXVsdA%3D%3D

Co-authored-by: Moderne <team@moderne.io>
 2023-09-12 16:18:14 -06:00
Krzysztof Krason 9b603b99ab Using modern Java features 2023-06-22 11:24:25 -06:00
Marcus Da Coregio d5603a944d Avoid exception if PBKDF2WithHmacSHA256 is not available 
Issue gh-12873
 2023-04-04 09:33:12 -03:00
Joe Grandja ed6a7f7730 Remove deprecated constructors in PasswordEncoders 
Closes gh-11985
 2022-10-12 02:38:25 -04:00
Joe Grandja 7af111cd33 Merge branch '5.8.x' 2022-10-12 01:28:01 -04:00
Joe Grandja c50441b59f Update default configuration for Pbkdf2PasswordEncoder 
The recommended minimums for PBKDF2, as per OWASP Cheat Sheet Series (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html), are:
If FIPS-140 compliance is required, use PBKDF2 with a work factor of 310,000 or more and set with an internal hash function of HMAC-SHA-256.

Previous default configuration:
algorithm=SHA1, iterations=185000, hashLength=256

New default configuration:
algorithm=SHA256, iterations=310000, hashLength=256

The default salt length was also updated from 8 to 16.

Closes gh-10506, Closes gh-10489
 2022-10-12 00:45:10 -04:00
Joe Grandja f8419003eb Update default configuration for SCryptPasswordEncoder 
The recommended minimums for scrypt, as per OWASP Cheat Sheet Series (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html), are:
Use scrypt with a minimum CPU/memory cost parameter of (2^16), a minimum block size of 8 (1024 bytes), and a parallelization parameter of 1.

Previous default configuration:
cpuCost=16384, memoryCost=8, parallelism=1

New default configuration:
cpuCost=65536, memoryCost=8, parallelism=1

The default salt length was also updated from 64 to 16.

Issue gh-10506
 2022-10-12 00:14:07 -04:00
Joe Grandja 2ea62d0f8b Update default configuration for Argon2PasswordEncoder 
The recommended minimums for Argon2, as per OWASP Cheat Sheet Series (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html), are:
Use Argon2id with a minimum configuration of 15 MiB of memory, an iteration count of 2, and 1 degree of parallelism.

Previous default configuration:
memory=4, iterations=3, parallelism=1

New default configuration:
memory=16, iterations=2, parallelism=1

Issue gh-10506
 2022-10-11 18:04:37 -04:00
Rob Winch d996c2a2c6 Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)` 
This method is insecure. Users should instead encrypt with their database.

Closes gh-8980
 2022-09-07 13:51:58 -05:00
Rob Winch 2fb625db84 Remove mockito deprecations 
Issue gh-11748
 2022-08-23 15:59:52 -05:00
Josh Cummings ba0f8ec3ef
Correct input validation for 31 rounds 
Closes gh-11470
 2022-07-11 14:06:15 -06:00
Josh Cummings 3f13fa0285
Improve Upgrading 
Closes gh-11259
 2022-07-11 14:06:04 -06:00
Jihoon Cha af7f943325
Prevent instantiation of DelegatingPasswordEncoder if idPrefix contains idSuffix 
Closes gh-10933
 2022-04-05 09:16:44 -05:00
Rob Winch 0c201565fc Fix format DelegatingPasswordEncoder 2021-11-16 13:32:15 -06:00
Rob Winch 582629c087 Rename prefix/suffix in DelegatingPasswordEncoder 
Issue gh-10273
 2021-11-16 13:16:37 -06:00
heowc 399cf2e59d Support for changing prefix and suffix in `DelegatingPasswordEncoder` 
Closes gh-10273
 2021-11-16 13:16:37 -06:00
Marcus Da Coregio 02b2fcc6f0 Restore ManagementConfigurationPlugin 
Issue gh-9615
 2021-10-05 11:23:29 -03:00
Marcus Da Coregio d2e5f2ae0d Update Gradle to 7.2 
Closes gh-9615
 2021-10-04 15:19:40 -03:00
heowc 84d173c310 Fix typo 2021-09-27 10:55:18 -03:00
heowc 7b73b94198 Fix typo 2021-09-22 16:29:50 -06:00
Rob Winch f73f213f50 Remove DependencySetPlugin 
Closes gh-10070
 2021-07-12 15:31:38 -05:00
Rob Winch 793cd71a5e Remove remaining junit code 2021-07-09 15:57:21 -05:00
Rob Winch 3e93b024d6 openrewrite Junit Migration 2021-07-09 14:32:52 -05:00
Eleftheria Stein 204a32aba8 Replace < and > with &lt and &gt in Javadoc 
Closes gh-9847
 2021-06-04 12:26:07 +03:00
Prashant Tholia 3c33535681 Update javadoc for AesBytesEncrytor constructors 
Update AesBytesEncryptor constructors' javadoc to:
1. mention default IV length and encryption mode,
2. provide links to appropriate constructors that allow users to
specify custom IV and encryption mode.

Related to gh-3879 and gh-9361
 2021-04-05 13:49:29 -06:00
Prashant Tholia 67fdac1db1 Fix Encryptors.java javadoc 
Fix link issue in 'See Also' section of Encryptors.standard method
 2021-04-05 12:33:27 -06:00
Rob Winch 60d3db5798 add management platform(project(":spring-security-dependencies")) 
Closes gh-9540
 2021-04-05 10:36:36 -05:00
Manousos Mathioudakis d948528b7b Add javadoc at constructors. 
Closes gh-9361

Signed-off-by: Manousos Mathioudakis <manoumathioudakis@yahoo.gr>
 2021-03-26 16:00:52 -05:00
Eleftheria Stein 4a492846f1 Revert "Lock dependencies for 2.5.0-M3" 
This reverts commit f05cc6269c.
 2021-03-15 23:18:45 +01:00
Eleftheria Stein f05cc6269c Lock dependencies for 2.5.0-M3 2021-03-15 11:00:19 +01:00
Josh Cummings c4be1c6a56
Revert "Lock Dependencies" 
This reverts commit a85caa4098.
 2021-02-11 15:49:59 -07:00
Josh Cummings a85caa4098
Lock Dependencies 2021-02-11 15:00:38 -07:00
Loic Guibert 050e4a98b4 Fix javadoc in Pbkdf2PasswordEncoder 
- Add @author Loïc Guibert
- Add @since 5.5 to new constructors

See PR gh-9147
 2020-11-25 11:45:21 -07:00