Class BalloonHashingPassword4jPasswordEncoder
java.lang.Object
org.springframework.security.crypto.password.AbstractValidatingPasswordEncoder
org.springframework.security.crypto.password4j.BalloonHashingPassword4jPasswordEncoder
- All Implemented Interfaces:
PasswordEncoder
Implementation of
PasswordEncoder
that uses the Password4j library with Balloon hashing algorithm.
Balloon hashing is a memory-hard password hashing algorithm designed to be resistant to both time-memory trade-off attacks and side-channel attacks. This implementation handles the salt management explicitly since Password4j's Balloon hashing implementation does not include the salt in the output hash.
The encoded password format is: {salt}:{hash} where both salt and hash are Base64 encoded.
This implementation is thread-safe and can be shared across multiple threads.
Usage Examples:
// Using default Balloon hashing settings (recommended)
PasswordEncoder encoder = new BalloonHashingPassword4jPasswordEncoder();
// Using custom Balloon hashing function
PasswordEncoder customEncoder = new BalloonHashingPassword4jPasswordEncoder(
BalloonHashingFunction.getInstance(1024, 3, 4, "SHA-256"));
- Since:
- 7.0
- See Also:
-
BalloonHashingFunctionAlgorithmFinder.getBalloonHashingInstance()
-
Constructor Summary
ConstructorsConstructorDescriptionConstructs a Balloon hashing password encoder using the default Balloon hashing configuration from Password4j's AlgorithmFinder.BalloonHashingPassword4jPasswordEncoder(com.password4j.BalloonHashingFunction balloonHashingFunction) Constructs a Balloon hashing password encoder with a custom Balloon hashing function.BalloonHashingPassword4jPasswordEncoder(com.password4j.BalloonHashingFunction balloonHashingFunction, int saltLength) Constructs a Balloon hashing password encoder with a custom Balloon hashing function and salt length. -
Method Summary
Modifier and TypeMethodDescriptionprotected StringencodeNonNullPassword(String rawPassword) protected booleanmatchesNonNull(String rawPassword, String encodedPassword) protected booleanupgradeEncodingNonNull(String encodedPassword) Methods inherited from class org.springframework.security.crypto.password.AbstractValidatingPasswordEncoder
encode, matches, upgradeEncoding
-
Constructor Details
-
BalloonHashingPassword4jPasswordEncoder
public BalloonHashingPassword4jPasswordEncoder()Constructs a Balloon hashing password encoder using the default Balloon hashing configuration from Password4j's AlgorithmFinder. -
BalloonHashingPassword4jPasswordEncoder
public BalloonHashingPassword4jPasswordEncoder(com.password4j.BalloonHashingFunction balloonHashingFunction) Constructs a Balloon hashing password encoder with a custom Balloon hashing function.- Parameters:
balloonHashingFunction- the Balloon hashing function to use for encoding passwords, must not be null- Throws:
IllegalArgumentException- if balloonHashingFunction is null
-
BalloonHashingPassword4jPasswordEncoder
public BalloonHashingPassword4jPasswordEncoder(com.password4j.BalloonHashingFunction balloonHashingFunction, int saltLength) Constructs a Balloon hashing password encoder with a custom Balloon hashing function and salt length.- Parameters:
balloonHashingFunction- the Balloon hashing function to use for encoding passwords, must not be nullsaltLength- the length of the salt in bytes, must be positive- Throws:
IllegalArgumentException- if balloonHashingFunction is null or saltLength is not positive
-
-
Method Details
-
encodeNonNullPassword
- Specified by:
encodeNonNullPasswordin classAbstractValidatingPasswordEncoder
-
matchesNonNull
- Specified by:
matchesNonNullin classAbstractValidatingPasswordEncoder
-
upgradeEncodingNonNull
- Overrides:
upgradeEncodingNonNullin classAbstractValidatingPasswordEncoder
-