Search in sources :

Example 26 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project webanno by webanno.

the class WebAnno method passwordEncoder.

// The WebAnno User model class picks this bean up by name!
@Bean
public PasswordEncoder passwordEncoder() {
    // Set up a DelegatingPasswordEncoder which decodes legacy passwords using the
    // StandardPasswordEncoder but encodes passwords using the modern BCryptPasswordEncoder
    String encoderForEncoding = "bcrypt";
    Map<String, PasswordEncoder> encoders = new HashMap<>();
    encoders.put(encoderForEncoding, new BCryptPasswordEncoder());
    DelegatingPasswordEncoder delegatingEncoder = new DelegatingPasswordEncoder(encoderForEncoding, encoders);
    // Decode legacy passwords without encoder ID using the StandardPasswordEncoder
    delegatingEncoder.setDefaultPasswordEncoderForMatches(new StandardPasswordEncoder());
    return delegatingEncoder;
}
Also used : StandardPasswordEncoder(org.springframework.security.crypto.password.StandardPasswordEncoder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) DelegatingPasswordEncoder(org.springframework.security.crypto.password.DelegatingPasswordEncoder) StandardPasswordEncoder(org.springframework.security.crypto.password.StandardPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) HashMap(java.util.HashMap) DelegatingPasswordEncoder(org.springframework.security.crypto.password.DelegatingPasswordEncoder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) Bean(org.springframework.context.annotation.Bean)

Example 27 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project webofneeds by researchstudio-sat.

the class RestUserController method registerUser.

/**
 * Registers the specified user with password and an opional role.
 * Assumes values have already been checked for syntactic validity.
 * @param email
 * @param password
 * @param role
 * @throws UserAlreadyExistsException
 */
private void registerUser(String email, String password, String role) throws UserAlreadyExistsException {
    User user = userRepository.findByUsername(email);
    if (user != null) {
        throw new UserAlreadyExistsException();
    }
    try {
        PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        user = new User(email, passwordEncoder.encode(password), role);
        user.setEmail(email);
        KeystorePasswordHolder keystorePassword = new KeystorePasswordHolder();
        // generate a password for the keystore and save it in the database, encrypted with a symmetric key
        // derived from the user's password
        keystorePassword.setPassword(KeystorePasswordUtils.generatePassword(KeystorePasswordUtils.KEYSTORE_PASSWORD_BYTES), password);
        // keystorePassword = keystorePasswordRepository.save(keystorePassword);
        // generate the keystore for the user
        KeystoreHolder keystoreHolder = new KeystoreHolder();
        try {
            // create the keystore if it doesnt exist yet
            keystoreHolder.getKeystore(keystorePassword.getPassword(password));
        } catch (Exception e) {
            throw new IllegalStateException("could not create keystore for user " + email);
        }
        // keystoreHolder = keystoreHolderRepository.save(keystoreHolder);
        user.setKeystorePasswordHolder(keystorePassword);
        user.setKeystoreHolder(keystoreHolder);
        userRepository.save(user);
    } catch (DataIntegrityViolationException e) {
        // username is already in database
        throw new UserAlreadyExistsException();
    }
}
Also used : User(won.owner.model.User) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) KeystoreHolder(won.owner.model.KeystoreHolder) UserAlreadyExistsException(won.owner.service.impl.UserAlreadyExistsException) KeystorePasswordHolder(won.owner.model.KeystorePasswordHolder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) URISyntaxException(java.net.URISyntaxException) DataIntegrityViolationException(org.springframework.dao.DataIntegrityViolationException) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) UserAlreadyExistsException(won.owner.service.impl.UserAlreadyExistsException) DataIntegrityViolationException(org.springframework.dao.DataIntegrityViolationException)

Example 28 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project pac4j by pac4j.

the class SpringEncoderBuilder method tryCreatePasswordEncoder.

public void tryCreatePasswordEncoder(final Map<String, org.pac4j.core.credentials.password.PasswordEncoder> encoders) {
    for (int i = 0; i <= MAX_NUM_ENCODERS; i++) {
        final String type = getProperty(SPRING_ENCODER_TYPE, i);
        if (isNotBlank(type)) {
            final PasswordEncoder encoder;
            if (SpringEncoderType.NOOP.toString().equalsIgnoreCase(type)) {
                encoder = NoOpPasswordEncoder.getInstance();
            } else if (SpringEncoderType.BCRYPT.toString().equalsIgnoreCase(type)) {
                if (containsProperty(SPRING_ENCODER_BCRYPT_LENGTH, i)) {
                    encoder = new BCryptPasswordEncoder(getPropertyAsInteger(SPRING_ENCODER_BCRYPT_LENGTH, i));
                } else {
                    encoder = new BCryptPasswordEncoder();
                }
            } else if (SpringEncoderType.PBKDF2.toString().equalsIgnoreCase(type)) {
                if (containsProperty(SPRING_ENCODER_PBKDF2_SECRET, i)) {
                    final String secret = getProperty(SPRING_ENCODER_PBKDF2_SECRET, i);
                    if (containsProperty(SPRING_ENCODER_PBKDF2_ITERATIONS, i) && containsProperty(SPRING_ENCODER_PBKDF2_HASH_WIDTH, i)) {
                        encoder = new Pbkdf2PasswordEncoder(secret, getPropertyAsInteger(SPRING_ENCODER_PBKDF2_ITERATIONS, i), getPropertyAsInteger(SPRING_ENCODER_PBKDF2_HASH_WIDTH, i));
                    } else {
                        encoder = new Pbkdf2PasswordEncoder(secret);
                    }
                } else {
                    encoder = new Pbkdf2PasswordEncoder();
                }
            } else if (SpringEncoderType.SCRYPT.toString().equalsIgnoreCase(type)) {
                if (containsProperty(SPRING_ENCODER_SCRYPT_CPU_COST, i) && containsProperty(SPRING_ENCODER_SCRYPT_MEMORY_COST, i) && containsProperty(SPRING_ENCODER_SCRYPT_PARALLELIZATION, i) && containsProperty(SPRING_ENCODER_SCRYPT_KEY_LENGTH, i) && containsProperty(SPRING_ENCODER_SCRYPT_SALT_LENGTH, i)) {
                    encoder = new SCryptPasswordEncoder(getPropertyAsInteger(SPRING_ENCODER_SCRYPT_CPU_COST, i), getPropertyAsInteger(SPRING_ENCODER_SCRYPT_MEMORY_COST, i), getPropertyAsInteger(SPRING_ENCODER_SCRYPT_PARALLELIZATION, i), getPropertyAsInteger(SPRING_ENCODER_SCRYPT_KEY_LENGTH, i), getPropertyAsInteger(SPRING_ENCODER_SCRYPT_SALT_LENGTH, i));
                } else {
                    encoder = new SCryptPasswordEncoder();
                }
            } else if (SpringEncoderType.STANDARD.toString().equalsIgnoreCase(type)) {
                if (containsProperty(SPRING_ENCODER_STANDARD_SECRET, i)) {
                    encoder = new StandardPasswordEncoder(getProperty(SPRING_ENCODER_STANDARD_SECRET, i));
                } else {
                    encoder = new StandardPasswordEncoder();
                }
            } else {
                throw new TechnicalException("Unsupported spring encoder type: " + type);
            }
            encoders.put(concat(SPRING_ENCODER, i), new SpringSecurityPasswordEncoder(encoder));
        }
    }
}
Also used : StandardPasswordEncoder(org.springframework.security.crypto.password.StandardPasswordEncoder) TechnicalException(org.pac4j.core.exception.TechnicalException) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) Pbkdf2PasswordEncoder(org.springframework.security.crypto.password.Pbkdf2PasswordEncoder) SpringSecurityPasswordEncoder(org.pac4j.core.credentials.password.SpringSecurityPasswordEncoder) NoOpPasswordEncoder(org.springframework.security.crypto.password.NoOpPasswordEncoder) StandardPasswordEncoder(org.springframework.security.crypto.password.StandardPasswordEncoder) SCryptPasswordEncoder(org.springframework.security.crypto.scrypt.SCryptPasswordEncoder) SCryptPasswordEncoder(org.springframework.security.crypto.scrypt.SCryptPasswordEncoder) SpringSecurityPasswordEncoder(org.pac4j.core.credentials.password.SpringSecurityPasswordEncoder) Pbkdf2PasswordEncoder(org.springframework.security.crypto.password.Pbkdf2PasswordEncoder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)

Example 29 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project FP-PSP-SERVER by FundacionParaguaya.

the class UserServiceImpl method addUserWithRoleAndApplication.

@Override
public UserDTO addUserWithRoleAndApplication(UserRoleApplicationDTO userRoleApplicationDTO, UserDetailsDTO userDetails) {
    userRepository.findOneByUsername(userRoleApplicationDTO.getUsername()).ifPresent(user -> {
        throw new CustomParameterizedException("User already exists.", new ImmutableMultimap.Builder<String, String>().put("username", user.getUsername()).build().asMap());
    });
    UserEntity user = new UserEntity();
    user.setUsername(userRoleApplicationDTO.getUsername());
    user.setEmail(userRoleApplicationDTO.getEmail());
    user.setPass(new BCryptPasswordEncoder().encode(userRoleApplicationDTO.getPass()));
    user.setActive(true);
    UserEntity newUser = userRepository.save(user);
    if (userRoleApplicationDTO.getRole() != null) {
        createUserRole(newUser, userRoleApplicationDTO.getRole());
    }
    if (userRoleApplicationDTO.getOrganizationId() != null) {
        createUserOrganization(newUser, userRoleApplicationDTO);
    } else if (userRoleApplicationDTO.getApplicationId() != null) {
        createUserApplication(newUser, userRoleApplicationDTO);
    }
    return userMapper.entityToDto(newUser);
}
Also used : CustomParameterizedException(py.org.fundacionparaguaya.pspserver.common.exceptions.CustomParameterizedException) UserEntity(py.org.fundacionparaguaya.pspserver.security.entities.UserEntity) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)

Example 30 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project FP-PSP-SERVER by FundacionParaguaya.

the class AuthServerOAuth2Config method main.

public static void main(String[] args) {
    // Use this to generate passwords
    String password = "";
    BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    String hashedPassword = passwordEncoder.encode(password);
    System.out.println(hashedPassword);
}
Also used : BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)

Aggregations

BCryptPasswordEncoder (org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)48 PasswordEncoder (org.springframework.security.crypto.password.PasswordEncoder)18 Test (org.junit.jupiter.api.Test)7 KeystorePasswordHolder (won.owner.model.KeystorePasswordHolder)7 User (won.owner.model.User)7 SCryptPasswordEncoder (org.springframework.security.crypto.scrypt.SCryptPasswordEncoder)6 DelegatingPasswordEncoder (org.springframework.security.crypto.password.DelegatingPasswordEncoder)5 NoOpPasswordEncoder (org.springframework.security.crypto.password.NoOpPasswordEncoder)5 Pbkdf2PasswordEncoder (org.springframework.security.crypto.password.Pbkdf2PasswordEncoder)5 StandardPasswordEncoder (org.springframework.security.crypto.password.StandardPasswordEncoder)5 User (com.github.liuweijw.business.admin.domain.User)4 HashMap (java.util.HashMap)4 Transactional (org.springframework.transaction.annotation.Transactional)4 KeystoreHolder (won.owner.model.KeystoreHolder)4 ExpensiveSecureRandomString (won.protocol.util.ExpensiveSecureRandomString)4 PrePermissions (com.github.liuweijw.business.commons.web.aop.PrePermissions)3 Date (java.util.Date)3 lombok.val (lombok.val)3 Bean (org.springframework.context.annotation.Bean)3 DataIntegrityViolationException (org.springframework.dao.DataIntegrityViolationException)3