zhouxy108/wisemapping-open-source
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix password encoder for compatibility

Browse Source
This commit is contained in:
Paulo Gustavo Veiga
2020-11-08 12:08:13 -08:00
parent 1a524434da
commit 430b30bffb
6 changed files with 51 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
wise-webapp/src/main/java/com/wisemapping/security/DefaultPasswordEncoderFactories.java Normal file
View File

@@ -0,0 +1,26 @@
package com.wisemapping.security;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import java.util.HashMap;
import java.util.Map;
public class DefaultPasswordEncoderFactories {
private static final String ENCODING_ID = "bcrypt";
@SuppressWarnings("deprecation")
static PasswordEncoder createDelegatingPasswordEncoder() {
final Map<String, PasswordEncoder> encoders = new HashMap<>();
encoders.put(ENCODING_ID, new BCryptPasswordEncoder(16));
DelegatingPasswordEncoder result = new DelegatingPasswordEncoder(ENCODING_ID, encoders);
result.setDefaultPasswordEncoderForMatches(new LegacyPasswordEncoder());
return result;
}
}

28
wise-webapp/src/main/java/com/wisemapping/security/CustomPasswordEncoder.java → wise-webapp/src/main/java/com/wisemapping/security/LegacyPasswordEncoder.java
View File

@@ -18,27 +18,37 @@
package com.wisemapping.security;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.apache.log4j.Logger;
import org.springframework.security.crypto.password.PasswordEncoder;
public class CustomPasswordEncoder implements PasswordEncoder {
@SuppressWarnings("deprecation")
public class LegacyPasswordEncoder implements PasswordEncoder {
final private static Logger logger = Logger.getLogger("com.wisemapping.security.LegacyPasswordEncoder");
private static final String ENC_PREFIX = "ENC:";
private BCryptPasswordEncoder delegateEncoder = new BCryptPasswordEncoder(16);
private static final PasswordEncoder sha1Encoder = new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-1");
@Override
public String encode(CharSequence rawPassword) {
String password = rawPassword.toString();
if(!rawPassword.toString().startsWith(ENC_PREFIX)) {
password = ENC_PREFIX + delegateEncoder.encode(rawPassword);
logger.info("LegacyPasswordEncoder encode executed.");
String result = rawPassword.toString();
if (!rawPassword.toString().startsWith(ENC_PREFIX)) {
result = ENC_PREFIX + sha1Encoder.encode(rawPassword);
}
return password;
return result;
}
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
String encodedRawPassword = delegateEncoder.encode(rawPassword);
return delegateEncoder.matches(encodedRawPassword, encodedPassword);
String newEncodedPassword = encodedPassword;
if (encodedPassword.startsWith(ENC_PREFIX)) {
newEncodedPassword = encode(rawPassword);
}
return newEncodedPassword.equals(encodedPassword);
}
}