17776e4738
Merge Fix Flaky Crypto Tests
2026-03-03 15:26:53 -06:00
1261c229a3
Fix Flaky Crypto Tests
...
Previously the RsaSecretEncryptorTests were flaky because the assumed that a BadPaddigException would be thrown
when using things like different salt. However, given that the tests had random inputs (e.g. keys) there is the
possibility that, despite the fact that it can never be properly decrypted, the final bytes look like a valid
encrypted value.
This updates the tests to ensure that decrypt either throws an Exception or is not equal to the original
plaintext.
2026-03-03 14:52:28 -06:00
a32d9f04e3
Revert "Use project.artifactory(Username|Password)"
...
This reverts commit 9c449000dc
2026-01-12 16:04:56 -06:00
9c449000dc
Use project.artifactory(Username|Password)
2026-01-12 15:48:47 -06:00
63f28a7e1f
Merge branch '6.5.x'
2025-11-04 14:04:56 -07:00
f988272fff
Merge branch '6.4.x' into 6.5.x
2025-11-04 14:04:29 -07:00
532d0bef14
Add Test to Confirm 72-byte BCrypt Password Limit
...
Closes gh-18133
2025-11-04 14:04:02 -07:00
d0372efadd
Use include-code for password4j docs
...
This follows the new convention of using include-code going forward to
ensure that the documentation compiles and is tested. This also corrected
a few errors in custom params for Ballooning and PBKDF2 examples.
Issue gh-17706
2025-09-15 11:03:44 -05:00
2d74f9c334
Create a specific implementation for BalloonHashing and PBKDF2 password encoders using Password4j library
...
Closes gh-17706
Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com >
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com >
2025-09-13 09:27:41 +03:30
8c2ad4e4d1
Add Argon2 and BCrypt and Scrypt password encoders using Password4j library
...
Closes gh-17706
Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com >
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com >
2025-09-13 09:27:41 +03:30
9f5d27e8d0
Refactor Password4jPasswordEncoder to use AlgorithmFinder for algorithm selection and enhance documentation
...
Closes gh-17706
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com >
Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com >
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com >
2025-09-13 09:27:40 +03:30
bd593a63d0
Refactor Password4jPasswordEncoder to use AlgorithmFinder for algorithm selection and enhance documentation
...
Closes gh-17706
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com >
Add Password4jPasswordEncoder for enhanced password hashing support
Signed-off-by: M.Bozorgmehr <m.bozorgmehr@emofid.com >
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com >
Add Password4jPasswordEncoder for enhanced password hashing support
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com >
Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com >
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com >
2025-09-13 09:27:40 +03:30
f6cb0bd610
Merge Use 2004-present Copyright Header
...
The original merge into main did not apply the changes. This fixes it.
Closes gh-17635
2025-07-29 10:52:42 -05:00
2fdca16c1a
Merge branch '6.4.x' into 6.5.x
...
Closes gh-17634
2025-07-29 09:47:52 -05:00
392129b616
Use 2004-present Copyright Header
...
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the headers and the checkstyle accordingly.
The commit updated etc/checkstyle/header.txt
It also updated the copyright headers using the following find/replace:
Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.
Closes gh-17633
2025-07-29 09:45:23 -05:00
7c887d2da1
Add nullability to spring-security-core
...
Closes gh-17534
2025-07-22 16:29:13 -05:00
9db1ffbd79
Add Nullability to spring-security-crypto
...
Closes gh-17533
2025-07-22 16:29:13 -05:00
2f53a2edb3
Removed deprecated Base64 of crypto package
...
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com >
2025-06-27 14:24:54 -05:00
3b492a9628
remove 32-byte minimum keyLength restriction in Base64StringKeyGenerator ( #17012 )
...
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com >
2025-05-14 11:41:30 -05:00
d52289bd7a
Remove Unnecessary Backwards Compatability
...
Since this is going to be merged into Spring Security 7 (a major release) and AESFastEngine is deprecated,
we should no longer support it (as it will likely be removed from Bouncy Castle)
2025-05-07 11:19:27 -05:00
5eb232cd3d
Polish gh-16164
2025-05-07 11:19:27 -05:00
2b22cf2877
Replace BouncyCastle's deprecated AESFastEngine with the default AESEngine
...
- Update AESEngine to use the default AES engine, following BouncyCastle's recommendations
(see release-1-56 of changelog: https://www.bouncycastle.org/download/bouncy-castle-java/?filter=java%3Drelease-1-56 ).
- Migrate to the latest API 'newInstance()' method to allow removal of @SuppressWarnings("deprecation")
- Remove @SuppressWarnings("deprecation")
2025-05-07 11:19:27 -05:00
a80592a707
Use commons-logging directly
...
Closes gh-17061
2025-05-06 13:27:13 -05:00
eda9142b6b
Merge branch '6.4.x'
2025-04-28 11:13:50 -06:00
e6957bb854
Merge branch '6.3.x' into 6.4.x
2025-04-28 11:13:09 -06:00
547d174f3e
Fix Formatting
2025-04-24 10:43:03 -06:00
d2d1275b39
Fix IllegalArgumentException message for unknown Argon2 types
...
Array index 0 points to an empty string. Use index 1 instead.
Signed-off-by: Roman Trapickin <8594293+rntrp@users.noreply.github.com >
2025-04-24 10:43:03 -06:00
ef4479a554
Merge branch '6.4.x'
2025-04-17 05:31:29 -04:00
cb60d8b3ed
Merge branch '6.3.x' into 6.4.x
...
Closes gh-16951
2025-04-17 05:17:38 -04:00
c1aa99fdd2
Enforce BCrypt password length for new passwords only
...
Closes gh-16802
2025-04-17 04:53:33 -04:00
8d7f6acab6
Typo in Base64StringKeyGenerator exception message
...
Signed-off-by: James Howe <675056+OrangeDog@users.noreply.github.com >
2025-04-08 09:56:14 -06:00
e6223dede3
Merge branch '6.4.x'
...
- adb303e
2025-03-17 14:34:18 -05:00
05116eabbd
Merge branch '6.3.x' into 6.4.x
...
- adb303e
2025-03-17 14:18:49 -05:00
adb303e152
Add testRuntimeOnly junit-platform-launcher
...
Closes gh-16755
2025-03-17 14:16:44 -05:00
b97b555fde
Merge branch '6.4.x'
2025-03-17 14:05:46 -04:00
806a0474f4
Merge branch '6.3.x' into 6.4.x
2025-03-17 13:52:36 -04:00
46f0dc6dfc
Enforce BCrypt password length
2025-03-17 13:23:27 -04:00
b56650100a
Removes the use of StringUtils from DelegatingPasswordEncoder
...
Closes gh-16442
Signed-off-by: Christian Hösel <ChristianHoesel@users.noreply.github.com >
2025-01-31 15:43:24 -06:00
244fd2eb51
Support Serialization in Exceptions
...
Issue gh-16276
2025-01-14 18:37:53 -07:00
c2cfe92a02
Merge branch '6.3.x'
2024-11-18 05:16:16 -05:00
709103e38c
Merge branch '6.2.x' into 6.3.x
2024-11-18 04:45:38 -05:00
a8c4d6cead
Require Locale argument for toLower/toUpperCase usage
2024-11-18 04:22:26 -05:00
b90851d968
Improve Error Messages for PasswordEncoder
...
Closes gh-14880
Signed-off-by: Jonny Coddington <bottlerocketjonny@protonmail.com >
2024-09-17 14:16:08 -07:00
08f11f06ab
Revert unnecessary commits from main
...
Issue gh-15016
2024-05-08 13:49:18 -03:00
9d486ee4f4
Merge branch '6.1.x' into 6.2.x
2024-04-26 17:21:14 -06:00
1b8cf6cc55
Merge branch '5.8.x' into 6.1.x
2024-04-26 17:21:06 -06:00
e5ee45d568
Fix Import Error
...
Issue gh-14880
2024-04-26 17:20:53 -06:00
e7610027ae
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14974
2024-04-26 17:13:52 -06:00
38ae090d3d
Merge branch '5.8.x' into 6.1.x
...
Closes gh-14973
2024-04-26 17:13:39 -06:00
3b9991fc89
Improve PasswordEncoder Error Messaging
...
Closes gh-14880
2024-04-26 17:13:17 -06:00
Robert Winch