39544e1b9e
Fail build on Javadoc warnings in crypto module
...
Apply the javadoc-warnings-error plugin to spring-security-crypto to
ensure that new Javadoc warnings fail the build and prevent regressions.
Closes gh-18450
Signed-off-by: Jeongwon Been <congcoding@gmail.com >
2026-01-21 16:41:34 -06:00
d07d3a13d1
Fix Javadoc warnings in Argon2PasswordEncoder
...
Wrap bit-shift expressions in {@code ...} so that Javadoc does not parse
'<' as HTML and emit invalid input warnings.
Signed-off-by: Jeongwon Been <congcoding@gmail.com >
2026-01-21 16:41:34 -06:00
7ca0f7723e
Fix checkstyle
2026-01-12 16:28:22 -06:00
a612522ecd
Add nullability contract to PasswordEncoder#encode
...
Signed-off-by: Stefano Cordio <stefano.cordio@gmail.com >
2026-01-12 16:28:22 -06:00
a32d9f04e3
Revert "Use project.artifactory(Username|Password)"
...
This reverts commit 9c449000dc
2026-01-12 16:04:56 -06:00
9c449000dc
Use project.artifactory(Username|Password)
2026-01-12 15:48:47 -06:00
63f28a7e1f
Merge branch '6.5.x'
2025-11-04 14:04:56 -07:00
f988272fff
Merge branch '6.4.x' into 6.5.x
2025-11-04 14:04:29 -07:00
532d0bef14
Add Test to Confirm 72-byte BCrypt Password Limit
...
Closes gh-18133
2025-11-04 14:04:02 -07:00
d0372efadd
Use include-code for password4j docs
...
This follows the new convention of using include-code going forward to
ensure that the documentation compiles and is tested. This also corrected
a few errors in custom params for Ballooning and PBKDF2 examples.
Issue gh-17706
2025-09-15 11:03:44 -05:00
2d74f9c334
Create a specific implementation for BalloonHashing and PBKDF2 password encoders using Password4j library
...
Closes gh-17706
Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com >
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com >
2025-09-13 09:27:41 +03:30
8c2ad4e4d1
Add Argon2 and BCrypt and Scrypt password encoders using Password4j library
...
Closes gh-17706
Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com >
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com >
2025-09-13 09:27:41 +03:30
9f5d27e8d0
Refactor Password4jPasswordEncoder to use AlgorithmFinder for algorithm selection and enhance documentation
...
Closes gh-17706
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com >
Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com >
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com >
2025-09-13 09:27:40 +03:30
bd593a63d0
Refactor Password4jPasswordEncoder to use AlgorithmFinder for algorithm selection and enhance documentation
...
Closes gh-17706
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com >
Add Password4jPasswordEncoder for enhanced password hashing support
Signed-off-by: M.Bozorgmehr <m.bozorgmehr@emofid.com >
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com >
Add Password4jPasswordEncoder for enhanced password hashing support
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com >
Signed-off-by: Mehrdad <mehrdad.bozorgmehr@gmail.com >
Signed-off-by: M.Bozorgmehr <mehrdad.bozorgmehr@gmail.com >
2025-09-13 09:27:40 +03:30
f6cb0bd610
Merge Use 2004-present Copyright Header
...
The original merge into main did not apply the changes. This fixes it.
Closes gh-17635
2025-07-29 10:52:42 -05:00
2fdca16c1a
Merge branch '6.4.x' into 6.5.x
...
Closes gh-17634
2025-07-29 09:47:52 -05:00
392129b616
Use 2004-present Copyright Header
...
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the headers and the checkstyle accordingly.
The commit updated etc/checkstyle/header.txt
It also updated the copyright headers using the following find/replace:
Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.
Closes gh-17633
2025-07-29 09:45:23 -05:00
7c887d2da1
Add nullability to spring-security-core
...
Closes gh-17534
2025-07-22 16:29:13 -05:00
9db1ffbd79
Add Nullability to spring-security-crypto
...
Closes gh-17533
2025-07-22 16:29:13 -05:00
2f53a2edb3
Removed deprecated Base64 of crypto package
...
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com >
2025-06-27 14:24:54 -05:00
3b492a9628
remove 32-byte minimum keyLength restriction in Base64StringKeyGenerator ( #17012 )
...
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com >
2025-05-14 11:41:30 -05:00
d52289bd7a
Remove Unnecessary Backwards Compatability
...
Since this is going to be merged into Spring Security 7 (a major release) and AESFastEngine is deprecated,
we should no longer support it (as it will likely be removed from Bouncy Castle)
2025-05-07 11:19:27 -05:00
5eb232cd3d
Polish gh-16164
2025-05-07 11:19:27 -05:00
2b22cf2877
Replace BouncyCastle's deprecated AESFastEngine with the default AESEngine
...
- Update AESEngine to use the default AES engine, following BouncyCastle's recommendations
(see release-1-56 of changelog: https://www.bouncycastle.org/download/bouncy-castle-java/?filter=java%3Drelease-1-56 ).
- Migrate to the latest API 'newInstance()' method to allow removal of @SuppressWarnings("deprecation")
- Remove @SuppressWarnings("deprecation")
2025-05-07 11:19:27 -05:00
a80592a707
Use commons-logging directly
...
Closes gh-17061
2025-05-06 13:27:13 -05:00
eda9142b6b
Merge branch '6.4.x'
2025-04-28 11:13:50 -06:00
e6957bb854
Merge branch '6.3.x' into 6.4.x
2025-04-28 11:13:09 -06:00
547d174f3e
Fix Formatting
2025-04-24 10:43:03 -06:00
d2d1275b39
Fix IllegalArgumentException message for unknown Argon2 types
...
Array index 0 points to an empty string. Use index 1 instead.
Signed-off-by: Roman Trapickin <8594293+rntrp@users.noreply.github.com >
2025-04-24 10:43:03 -06:00
ef4479a554
Merge branch '6.4.x'
2025-04-17 05:31:29 -04:00
cb60d8b3ed
Merge branch '6.3.x' into 6.4.x
...
Closes gh-16951
2025-04-17 05:17:38 -04:00
c1aa99fdd2
Enforce BCrypt password length for new passwords only
...
Closes gh-16802
2025-04-17 04:53:33 -04:00
8d7f6acab6
Typo in Base64StringKeyGenerator exception message
...
Signed-off-by: James Howe <675056+OrangeDog@users.noreply.github.com >
2025-04-08 09:56:14 -06:00
e6223dede3
Merge branch '6.4.x'
...
- adb303e
2025-03-17 14:34:18 -05:00
05116eabbd
Merge branch '6.3.x' into 6.4.x
...
- adb303e
2025-03-17 14:18:49 -05:00
adb303e152
Add testRuntimeOnly junit-platform-launcher
...
Closes gh-16755
2025-03-17 14:16:44 -05:00
b97b555fde
Merge branch '6.4.x'
2025-03-17 14:05:46 -04:00
806a0474f4
Merge branch '6.3.x' into 6.4.x
2025-03-17 13:52:36 -04:00
46f0dc6dfc
Enforce BCrypt password length
2025-03-17 13:23:27 -04:00
b56650100a
Removes the use of StringUtils from DelegatingPasswordEncoder
...
Closes gh-16442
Signed-off-by: Christian Hösel <ChristianHoesel@users.noreply.github.com >
2025-01-31 15:43:24 -06:00
244fd2eb51
Support Serialization in Exceptions
...
Issue gh-16276
2025-01-14 18:37:53 -07:00
c2cfe92a02
Merge branch '6.3.x'
2024-11-18 05:16:16 -05:00
709103e38c
Merge branch '6.2.x' into 6.3.x
2024-11-18 04:45:38 -05:00
a8c4d6cead
Require Locale argument for toLower/toUpperCase usage
2024-11-18 04:22:26 -05:00
b90851d968
Improve Error Messages for PasswordEncoder
...
Closes gh-14880
Signed-off-by: Jonny Coddington <bottlerocketjonny@protonmail.com >
2024-09-17 14:16:08 -07:00
08f11f06ab
Revert unnecessary commits from main
...
Issue gh-15016
2024-05-08 13:49:18 -03:00
9d486ee4f4
Merge branch '6.1.x' into 6.2.x
2024-04-26 17:21:14 -06:00
1b8cf6cc55
Merge branch '5.8.x' into 6.1.x
2024-04-26 17:21:06 -06:00
e5ee45d568
Fix Import Error
...
Issue gh-14880
2024-04-26 17:20:53 -06:00
e7610027ae
Merge branch '6.1.x' into 6.2.x
...
Closes gh-14974
2024-04-26 17:13:52 -06:00
Jeongwon Been