Search in sources :

Example 16 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project molgenis by molgenis.

the class MolgenisPasswordEncoderTest method matches_noMatch.

@Test
public void matches_noMatch() {
    String password = "password";
    String encodedPassword = "encoded-password";
    BCryptPasswordEncoder bCryptPasswordEncoder = mock(BCryptPasswordEncoder.class);
    when(bCryptPasswordEncoder.matches(password, encodedPassword)).thenReturn(true);
    assertFalse(new MolgenisPasswordEncoder(bCryptPasswordEncoder).matches("invalid-password", encodedPassword));
}
Also used : BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) Test(org.testng.annotations.Test)

Example 17 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project molgenis by molgenis.

the class MolgenisPasswordEncoderTest method matches.

@Test
public void matches() {
    String password = "password";
    String encodedPassword = "encoded-password";
    BCryptPasswordEncoder bCryptPasswordEncoder = mock(BCryptPasswordEncoder.class);
    when(bCryptPasswordEncoder.matches(password, encodedPassword)).thenReturn(true);
    assertTrue(new MolgenisPasswordEncoder(bCryptPasswordEncoder).matches(password, encodedPassword));
}
Also used : BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) Test(org.testng.annotations.Test)

Example 18 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project spring-security by spring-projects.

the class PasswordEncoderFactories method createDelegatingPasswordEncoder.

/**
 * Creates a {@link DelegatingPasswordEncoder} with default mappings. Additional
 * mappings may be added and the encoding will be updated to conform with best
 * practices. However, due to the nature of {@link DelegatingPasswordEncoder} the
 * updates should not impact users. The mappings current are:
 *
 * <ul>
 * <li>bcrypt - {@link BCryptPasswordEncoder} (Also used for encoding)</li>
 * <li>ldap -
 * {@link org.springframework.security.crypto.password.LdapShaPasswordEncoder}</li>
 * <li>MD4 -
 * {@link org.springframework.security.crypto.password.Md4PasswordEncoder}</li>
 * <li>MD5 - {@code new MessageDigestPasswordEncoder("MD5")}</li>
 * <li>noop -
 * {@link org.springframework.security.crypto.password.NoOpPasswordEncoder}</li>
 * <li>pbkdf2 - {@link Pbkdf2PasswordEncoder}</li>
 * <li>scrypt - {@link SCryptPasswordEncoder}</li>
 * <li>SHA-1 - {@code new MessageDigestPasswordEncoder("SHA-1")}</li>
 * <li>SHA-256 - {@code new MessageDigestPasswordEncoder("SHA-256")}</li>
 * <li>sha256 -
 * {@link org.springframework.security.crypto.password.StandardPasswordEncoder}</li>
 * <li>argon2 - {@link Argon2PasswordEncoder}</li>
 * </ul>
 * @return the {@link PasswordEncoder} to use
 */
@SuppressWarnings("deprecation")
public static PasswordEncoder createDelegatingPasswordEncoder() {
    String encodingId = "bcrypt";
    Map<String, PasswordEncoder> encoders = new HashMap<>();
    encoders.put(encodingId, new BCryptPasswordEncoder());
    encoders.put("ldap", new org.springframework.security.crypto.password.LdapShaPasswordEncoder());
    encoders.put("MD4", new org.springframework.security.crypto.password.Md4PasswordEncoder());
    encoders.put("MD5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5"));
    encoders.put("noop", org.springframework.security.crypto.password.NoOpPasswordEncoder.getInstance());
    encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
    encoders.put("scrypt", new SCryptPasswordEncoder());
    encoders.put("SHA-1", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-1"));
    encoders.put("SHA-256", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-256"));
    encoders.put("sha256", new org.springframework.security.crypto.password.StandardPasswordEncoder());
    encoders.put("argon2", new Argon2PasswordEncoder());
    return new DelegatingPasswordEncoder(encodingId, encoders);
}
Also used : BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) Pbkdf2PasswordEncoder(org.springframework.security.crypto.password.Pbkdf2PasswordEncoder) Argon2PasswordEncoder(org.springframework.security.crypto.argon2.Argon2PasswordEncoder) DelegatingPasswordEncoder(org.springframework.security.crypto.password.DelegatingPasswordEncoder) SCryptPasswordEncoder(org.springframework.security.crypto.scrypt.SCryptPasswordEncoder) HashMap(java.util.HashMap) DelegatingPasswordEncoder(org.springframework.security.crypto.password.DelegatingPasswordEncoder) Pbkdf2PasswordEncoder(org.springframework.security.crypto.password.Pbkdf2PasswordEncoder) Argon2PasswordEncoder(org.springframework.security.crypto.argon2.Argon2PasswordEncoder) SCryptPasswordEncoder(org.springframework.security.crypto.scrypt.SCryptPasswordEncoder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)

Example 19 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project spring-security by spring-projects.

the class DaoAuthenticationProviderTests method testUserNotFoundBCryptPasswordEncoder.

@Test
public void testUserNotFoundBCryptPasswordEncoder() {
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("missing", "koala");
    PasswordEncoder encoder = new BCryptPasswordEncoder();
    DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
    provider.setHideUserNotFoundExceptions(false);
    provider.setPasswordEncoder(encoder);
    MockUserDetailsServiceUserRod userDetailsService = new MockUserDetailsServiceUserRod();
    userDetailsService.password = encoder.encode((CharSequence) token.getCredentials());
    provider.setUserDetailsService(userDetailsService);
    assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(() -> provider.authenticate(token));
}
Also used : UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) NoOpPasswordEncoder(org.springframework.security.crypto.password.NoOpPasswordEncoder) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) Test(org.junit.jupiter.api.Test)

Example 20 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project spring-boot by spring-projects.

the class EncodePasswordCommandTests method encodeWithBCryptShouldUseBCrypt.

@Test
void encodeWithBCryptShouldUseBCrypt() throws Exception {
    EncodePasswordCommand command = new EncodePasswordCommand();
    ExitStatus status = command.run("-a", "bcrypt", "boot");
    then(this.log).should().info(this.message.capture());
    assertThat(this.message.getValue()).doesNotStartWith("{");
    assertThat(new BCryptPasswordEncoder().matches("boot", this.message.getValue())).isTrue();
    assertThat(status).isEqualTo(ExitStatus.OK);
}
Also used : ExitStatus(org.springframework.boot.cli.command.status.ExitStatus) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) Test(org.junit.jupiter.api.Test)

Aggregations

BCryptPasswordEncoder (org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)48 PasswordEncoder (org.springframework.security.crypto.password.PasswordEncoder)18 Test (org.junit.jupiter.api.Test)7 KeystorePasswordHolder (won.owner.model.KeystorePasswordHolder)7 User (won.owner.model.User)7 SCryptPasswordEncoder (org.springframework.security.crypto.scrypt.SCryptPasswordEncoder)6 DelegatingPasswordEncoder (org.springframework.security.crypto.password.DelegatingPasswordEncoder)5 NoOpPasswordEncoder (org.springframework.security.crypto.password.NoOpPasswordEncoder)5 Pbkdf2PasswordEncoder (org.springframework.security.crypto.password.Pbkdf2PasswordEncoder)5 StandardPasswordEncoder (org.springframework.security.crypto.password.StandardPasswordEncoder)5 User (com.github.liuweijw.business.admin.domain.User)4 HashMap (java.util.HashMap)4 Transactional (org.springframework.transaction.annotation.Transactional)4 KeystoreHolder (won.owner.model.KeystoreHolder)4 ExpensiveSecureRandomString (won.protocol.util.ExpensiveSecureRandomString)4 PrePermissions (com.github.liuweijw.business.commons.web.aop.PrePermissions)3 Date (java.util.Date)3 lombok.val (lombok.val)3 Bean (org.springframework.context.annotation.Bean)3 DataIntegrityViolationException (org.springframework.dao.DataIntegrityViolationException)3