Class HaveIBeenPwnedRestApiPasswordChecker

java.lang.Object
org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker
All Implemented Interfaces:
org.springframework.security.authentication.password.CompromisedPasswordChecker

public final class HaveIBeenPwnedRestApiPasswordChecker extends Object implements org.springframework.security.authentication.password.CompromisedPasswordChecker
Checks whether the provided password has been leaked by querying the Have I Been Pwned REST API. This implementation uses Search by Range to protect the value of the password being searched for.
Since:
6.3
  • Constructor Details

    • HaveIBeenPwnedRestApiPasswordChecker

      public HaveIBeenPwnedRestApiPasswordChecker()
  • Method Details

    • check

      @NonNull public org.springframework.security.authentication.password.CompromisedPasswordDecision check(String password)
      Specified by:
      check in interface org.springframework.security.authentication.password.CompromisedPasswordChecker
    • setRestClient

      public void setRestClient(org.springframework.web.client.RestClient restClient)
      Sets the RestClient to use when making requests to the Have I Been Pwned REST API. By default, a RestClient with a base URL of API_URL is used.
      Parameters:
      restClient - the RestClient to use
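
The Search by Range lookup named in the class description, as an added example (not Spring Security's source code): only the first five characters of the password's SHA-1 hash are handed to the lookup, and the remaining suffix is matched locally. It assumes the Pwned Passwords range format of `SUFFIX:COUNT` lines; `RangeSearchDemo`, `breachCount` and the in-memory `fakeRanges` service are hypothetical names, and the response body is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.Map;
import java.util.function.Function;

// Added illustration of a Search by Range lookup; not Spring Security's source code.
public class RangeSearchDemo {

    /** Returns the breach count listed for the password, or 0 if it is not listed. */
    static int breachCount(String password, Function<String, String> rangeLookup)
            throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-1")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        String hash = HexFormat.of().withUpperCase().formatHex(digest);
        String prefix = hash.substring(0, 5);   // the only value sent to the service
        String suffix = hash.substring(5);      // compared locally, never transmitted

        // Each response line is "HASH_SUFFIX:COUNT"; lines may end in CRLF.
        for (String line : rangeLookup.apply(prefix).split("\\R")) {
            int sep = line.indexOf(':');
            if (sep == suffix.length() && line.regionMatches(true, 0, suffix, 0, sep)) {
                // Padding entries carry a count of 0, so they read as not listed.
                return Integer.parseInt(line.substring(sep + 1).trim());
            }
        }
        return 0;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed stand-in for the remote service, keyed by 5-character prefix.
        // The first entry is the SHA-1 suffix of "password"; the counts and the
        // other two suffixes are made up for this example.
        Map<String, String> fakeRanges = Map.of("5BAA6",
                "1E4C9B93F3F0682250B6CF8331B7EE68FD8:42\r\n"
              + "0000000000000000000000000000000000A:3\r\n"
              + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:0\r\n");
        Function<String, String> lookup = prefix -> {
            System.out.println("sent to service: " + prefix);
            return fakeRanges.getOrDefault(prefix, "");
        };

        System.out.println("password -> " + breachCount("password", lookup));
        System.out.println("other    -> " + breachCount("correct horse battery staple", lookup));
    }
}
```

The service sees only a prefix shared by many hashes, so it cannot tell which password, if any, was being checked.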