
Example 1 with LdapShaPasswordEncoder

Use of org.springframework.security.crypto.password.LdapShaPasswordEncoder in project cas by apereo.

In class PasswordEncoderUtils, method newPasswordEncoder.

/**
 * Creates a new password encoder from the given properties.
 *
 * @param properties         the properties
 * @param applicationContext the application context
 * @return the password encoder
 */
@SuppressWarnings("java:S5344")
public static PasswordEncoder newPasswordEncoder(final PasswordEncoderProperties properties, final ApplicationContext applicationContext) {
    val type = properties.getType();
    if (StringUtils.isBlank(type)) {
        LOGGER.trace("No password encoder type is defined, and so none shall be created");
        return NoOpPasswordEncoder.getInstance();
    }
    if (type.endsWith(".groovy")) {
        LOGGER.trace("Creating Groovy-based password encoder at [{}]", type);
        val resource = applicationContext.getResource(type);
        return new GroovyPasswordEncoder(resource, applicationContext);
    }
    if (type.contains(".")) {
        try {
            LOGGER.debug("Configuration indicates use of a custom password encoder [{}]", type);
            val clazz = (Class<PasswordEncoder>) Class.forName(type);
            return clazz.getDeclaredConstructor().newInstance();
        } catch (final Exception e) {
            val msg = "Falling back to a no-op password encoder as CAS has failed to create " + "an instance of the custom password encoder class " + type;
            LoggingUtils.error(LOGGER, msg, e);
            return NoOpPasswordEncoder.getInstance();
        }
    }
    val encoderType = PasswordEncoderProperties.PasswordEncoderTypes.valueOf(type);
    switch(encoderType) {
        case DEFAULT:
            LOGGER.debug("Creating default password encoder with encoding alg [{}] and character encoding [{}]", properties.getEncodingAlgorithm(), properties.getCharacterEncoding());
            return new DefaultPasswordEncoder(properties.getEncodingAlgorithm(), properties.getCharacterEncoding());
        case STANDARD:
            LOGGER.debug("Creating standard password encoder with the secret defined in the configuration");
            return new StandardPasswordEncoder(properties.getSecret());
        case BCRYPT:
            LOGGER.debug("Creating BCRYPT password encoder given the strength [{}] and secret in the configuration", properties.getStrength());
            if (StringUtils.isBlank(properties.getSecret())) {
                LOGGER.debug("Creating BCRYPT encoder without secret");
                return new BCryptPasswordEncoder(properties.getStrength());
            }
            LOGGER.debug("Creating BCRYPT encoder with secret");
            return new BCryptPasswordEncoder(properties.getStrength(), RandomUtils.getNativeInstance());
        case SCRYPT:
            LOGGER.debug("Creating SCRYPT encoder");
            return new SCryptPasswordEncoder();
        case SSHA:
            LOGGER.warn("Creating SSHA encoder; digest based password encoding is not considered secure. " + "This strategy is here to support legacy implementations and using it is considered insecure.");
            return new LdapShaPasswordEncoder();
        case PBKDF2:
            if (StringUtils.isBlank(properties.getSecret())) {
                LOGGER.trace("Creating PBKDF2 encoder without secret");
                return new Pbkdf2PasswordEncoder();
            }
            return new Pbkdf2PasswordEncoder(properties.getSecret(), properties.getStrength(), HASH_WIDTH);
        case GLIBC_CRYPT:
            val hasSecret = StringUtils.isNotBlank(properties.getSecret());
            val msg = String.format("Creating glibc CRYPT encoder with encoding alg [%s], strength [%s] and %ssecret", properties.getEncodingAlgorithm(), properties.getStrength(), BooleanUtils.toString(hasSecret, StringUtils.EMPTY, "without "));
            LOGGER.debug(msg);
            return new GlibcCryptPasswordEncoder(properties.getEncodingAlgorithm(), properties.getStrength(), properties.getSecret());
        case NONE:
        default:
            LOGGER.trace("No password encoder shall be created given the requested encoder type [{}]", type);
            return NoOpPasswordEncoder.getInstance();
    }
}
Also used : lombok.val(lombok.val) StandardPasswordEncoder(org.springframework.security.crypto.password.StandardPasswordEncoder) GlibcCryptPasswordEncoder(org.apereo.cas.util.crypto.GlibcCryptPasswordEncoder) SCryptPasswordEncoder(org.springframework.security.crypto.scrypt.SCryptPasswordEncoder) Pbkdf2PasswordEncoder(org.springframework.security.crypto.password.Pbkdf2PasswordEncoder) UtilityClass(lombok.experimental.UtilityClass) DefaultPasswordEncoder(org.apereo.cas.util.crypto.DefaultPasswordEncoder) LdapShaPasswordEncoder(org.springframework.security.crypto.password.LdapShaPasswordEncoder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)

Example 2 with LdapShaPasswordEncoder

Use of org.springframework.security.crypto.password.LdapShaPasswordEncoder in project metron by apache.

In class WebSecurityConfig, method configureJdbc.

@Autowired
public void configureJdbc(AuthenticationManagerBuilder auth) throws Exception {
    // Note that we can switch profiles on the fly in Ambari.
    List<String> activeProfiles = Arrays.asList(environment.getActiveProfiles());
    if (activeProfiles.contains(MetronRestConstants.LDAP_PROFILE)) {
        LOG.info("Setting up LDAP authentication; url={}.", providerUrl);
        LdapAuthenticationProviderConfigurer providerConf = auth.ldapAuthentication().authoritiesMapper(authoritiesMapper).userDnPatterns(userDnPatterns).userSearchBase(userSearchBase).userSearchFilter(userSearchFilter).groupRoleAttribute(groupRoleAttribute).groupSearchFilter(groupSearchFilter).groupSearchBase(groupSearchBase).contextSource().url(providerUrl).managerDn(providerUserDn).managerPassword(providerPassword).and();
        if (StringUtils.isNotBlank(passwordAttribute)) {
            // if a password attribute is provided, use that for authentication
            providerConf.passwordCompare().passwordEncoder(new LdapShaPasswordEncoder()).passwordAttribute(passwordAttribute);
        } else {
            // if no password attribute, set encoder to null which forces bind authentication
            providerConf.passwordCompare().passwordEncoder(null);
        }
    } else if (activeProfiles.contains(MetronRestConstants.DEV_PROFILE) || activeProfiles.contains(MetronRestConstants.TEST_PROFILE)) {
        LOG.info("Setting up JDBC authentication with dev/test profiles");
        auth.jdbcAuthentication().dataSource(dataSource).withUser("user").password("password").roles(SECURITY_ROLE_USER).and().withUser("user1").password("password").roles(SECURITY_ROLE_USER).and().withUser("user2").password("password").roles(SECURITY_ROLE_USER).and().withUser("admin").password("password").roles(SECURITY_ROLE_USER, SECURITY_ROLE_ADMIN);
    } else {
        LOG.debug("Setting up JDBC authentication");
        auth.jdbcAuthentication().dataSource(dataSource);
    }
}
Also used : LdapAuthenticationProviderConfigurer(org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer) LdapShaPasswordEncoder(org.springframework.security.crypto.password.LdapShaPasswordEncoder) Autowired(org.springframework.beans.factory.annotation.Autowired)

Example 3 with LdapShaPasswordEncoder

Use of org.springframework.security.crypto.password.LdapShaPasswordEncoder in project spring-security by spring-projects.

In class PasswordComparisonAuthenticatorTests, method testLdapCompareSucceedsWithShaEncodedPassword.

@Test
public void testLdapCompareSucceedsWithShaEncodedPassword() {
    // Don't retrieve the password
    this.authenticator.setUserAttributes(new String[] { "uid" });
    this.authenticator.setPasswordEncoder(new LdapShaPasswordEncoder(KeyGenerators.shared(0)));
    this.authenticator.setUsePasswordAttrCompare(false);
    this.authenticator.authenticate(this.ben);
}
Also used : LdapShaPasswordEncoder(org.springframework.security.crypto.password.LdapShaPasswordEncoder) Test(org.junit.jupiter.api.Test)

Aggregations

LdapShaPasswordEncoder (org.springframework.security.crypto.password.LdapShaPasswordEncoder): 3
UtilityClass (lombok.experimental.UtilityClass): 1
lombok.val (lombok.val): 1
DefaultPasswordEncoder (org.apereo.cas.util.crypto.DefaultPasswordEncoder): 1
GlibcCryptPasswordEncoder (org.apereo.cas.util.crypto.GlibcCryptPasswordEncoder): 1
Test (org.junit.jupiter.api.Test): 1
Autowired (org.springframework.beans.factory.annotation.Autowired): 1
LdapAuthenticationProviderConfigurer (org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer): 1
BCryptPasswordEncoder (org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder): 1
Pbkdf2PasswordEncoder (org.springframework.security.crypto.password.Pbkdf2PasswordEncoder): 1
StandardPasswordEncoder (org.springframework.security.crypto.password.StandardPasswordEncoder): 1
SCryptPasswordEncoder (org.springframework.security.crypto.scrypt.SCryptPasswordEncoder): 1