Search in sources :

Example 36 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project mots by motech-implementations.

the class UserService method changeUserPassword.

/**
 * Updates user's password.
 *
 * @param username of user which password is about to change.
 * @param newPassword is new password value for user.
 * @param currentPassword is current user's password.
 */
public void changeUserPassword(String username, String newPassword, String currentPassword) {
    User user = getUserByUserName(username);
    if (!passwordsMatch(currentPassword, user.getPassword())) {
        throw new IllegalArgumentException("Current password is incorrect.");
    }
    String newPasswordEncoded = new BCryptPasswordEncoder().encode(newPassword);
    user.setPassword(newPasswordEncoded);
    userRepository.save(user);
}
Also used : User(org.motechproject.mots.domain.security.User) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)

Example 37 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project cas by apereo.

the class QueryDatabaseAuthenticationHandlerTests method verifyBCryptFail.

/**
 * This test proves that in case BCRYPT is used authentication using encoded password always fail
 * with FailedLoginException
 */
@Test
public void verifyBCryptFail() {
    val encoder = new BCryptPasswordEncoder(8, RandomUtils.getNativeInstance());
    val sql = SQL.replace("*", '\'' + encoder.encode("pswbc1") + "' password");
    val properties = new QueryJdbcAuthenticationProperties().setSql(sql).setFieldPassword(PASSWORD_FIELD);
    val q = new QueryDatabaseAuthenticationHandler(properties, null, PrincipalFactoryUtils.newPrincipalFactory(), this.dataSource, new HashMap<>(0));
    q.setPasswordEncoder(encoder);
    assertThrows(FailedLoginException.class, () -> q.authenticate(CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword("user0", "pswbc1")));
}
Also used : lombok.val(lombok.val) QueryJdbcAuthenticationProperties(org.apereo.cas.configuration.model.support.jdbc.authn.QueryJdbcAuthenticationProperties) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) Test(org.junit.jupiter.api.Test)

Example 38 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project spring-boot-starter-kit by tripsta.

the class SecurityConfiguration method configure.

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
    auth.inMemoryAuthentication().withUser(userRoleUsername).password(encoder.encode(userRolePassword)).roles(ROLE_USER).and().withUser(adminRoleUsername).password(encoder.encode(adminRolePassword)).roles(ROLE_USER, ROLE_ADMIN);
}
Also used : BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)

Example 39 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project hub-alert by blackducksoftware.

the class PasswordEncoderSample method testEncodePassword.

@Test
public void testEncodePassword() {
    PasswordEncoder encoder = new BCryptPasswordEncoder(16);
    String encodedString = encoder.encode("replace_me_with_a_password_to_get_encoded_value");
    logger.debug("Encoded String: {}", encodedString);
}
Also used : BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) Test(org.junit.jupiter.api.Test)

Example 40 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project CzechIdMng by bcvsolutions.

the class DefaultIdmPasswordHistoryService method checkHistory.

@Override
public boolean checkHistory(UUID identityId, int countOfIteration, GuardedString newPassword) {
    Assert.notNull(identityId, "Identity id can't be null.");
    Assert.notNull(newPassword, "New password can't be null.");
    // 
    BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(12);
    // 
    for (IdmPasswordHistoryDto passwordHistory : getPasswordHistoryForIdentity(identityId, countOfIteration)) {
        boolean matches = encoder.matches(newPassword.asString(), passwordHistory.getPassword());
        if (matches) {
            return true;
        }
    }
    return false;
}
Also used : IdmPasswordHistoryDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordHistoryDto) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)

Aggregations

BCryptPasswordEncoder (org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)48 PasswordEncoder (org.springframework.security.crypto.password.PasswordEncoder)18 Test (org.junit.jupiter.api.Test)7 KeystorePasswordHolder (won.owner.model.KeystorePasswordHolder)7 User (won.owner.model.User)7 SCryptPasswordEncoder (org.springframework.security.crypto.scrypt.SCryptPasswordEncoder)6 DelegatingPasswordEncoder (org.springframework.security.crypto.password.DelegatingPasswordEncoder)5 NoOpPasswordEncoder (org.springframework.security.crypto.password.NoOpPasswordEncoder)5 Pbkdf2PasswordEncoder (org.springframework.security.crypto.password.Pbkdf2PasswordEncoder)5 StandardPasswordEncoder (org.springframework.security.crypto.password.StandardPasswordEncoder)5 User (com.github.liuweijw.business.admin.domain.User)4 HashMap (java.util.HashMap)4 Transactional (org.springframework.transaction.annotation.Transactional)4 KeystoreHolder (won.owner.model.KeystoreHolder)4 ExpensiveSecureRandomString (won.protocol.util.ExpensiveSecureRandomString)4 PrePermissions (com.github.liuweijw.business.commons.web.aop.PrePermissions)3 Date (java.util.Date)3 lombok.val (lombok.val)3 Bean (org.springframework.context.annotation.Bean)3 DataIntegrityViolationException (org.springframework.dao.DataIntegrityViolationException)3