Class Pbkdf2Password4jPasswordEncoder

java.lang.Object
org.springframework.security.crypto.password.AbstractValidatingPasswordEncoder
org.springframework.security.crypto.password4j.Pbkdf2Password4jPasswordEncoder
All Implemented Interfaces:
PasswordEncoder

public class Pbkdf2Password4jPasswordEncoder extends AbstractValidatingPasswordEncoder
Implementation of PasswordEncoder that uses the Password4j library with the PBKDF2 hashing algorithm.

PBKDF2 is a key derivation function designed to be computationally expensive to thwart dictionary and brute force attacks. This implementation handles the salt management explicitly since Password4j's PBKDF2 implementation does not include the salt in the output hash.

The encoded password format is: {salt}:{hash} where both salt and hash are Base64 encoded.

This implementation is thread-safe and can be shared across multiple threads.
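
The `{salt}:{hash}` layout and explicit salt handling described above, sketched with JDK classes only as an added example; it is not Spring Security's or Password4j's code. The salt length, the standard Base64 alphabet, and the class and method names are assumptions; the PBKDF2 parameters mirror the custom-function usage example on this page.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
// Added illustration using JDK classes only; not Spring Security's or Password4j's code.
public class SaltedPbkdf2FormatDemo {
    // HMAC-SHA256, 100000 iterations, 256-bit output mirror the usage example; SALT_BYTES is assumed.
    static final int ITERATIONS = 100_000, KEY_BITS = 256, SALT_BYTES = 32;
    static byte[] derive(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's copy of the password
        }
    }

    static String encode(String rawPassword) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt); // fresh random salt for every stored password
        Base64.Encoder b64 = Base64.getEncoder(); // standard alphabet (assumed) never emits ':'
        return b64.encodeToString(salt) + ":" + b64.encodeToString(derive(rawPassword.toCharArray(), salt));
    }

    static boolean matches(String rawPassword, String encoded) throws GeneralSecurityException {
        String[] parts = encoded.split(":", -1);
        if (parts.length != 2) return false; // malformed record: reject, never fall back
        byte[] salt, expected;
        try {
            salt = Base64.getDecoder().decode(parts[0]);
            expected = Base64.getDecoder().decode(parts[1]);
        } catch (IllegalArgumentException e) {
            return false; // not valid Base64
        }
        if (salt.length == 0) return false; // PBEKeySpec rejects an empty salt
        // Re-derive with the stored salt and compare without an early exit on the first differing byte.
        return MessageDigest.isEqual(expected, derive(rawPassword.toCharArray(), salt));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String first = encode("correct horse"), second = encode("correct horse"); // constructed sample password
        System.out.println("same password, same record: " + first.equals(second));
        System.out.println("right password matches:     " + matches("correct horse", first));
        System.out.println("wrong password matches:     " + matches("wrong", first));
        System.out.println("malformed record matches:   " + matches("correct horse", "no-separator"));
    }
}
```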

Usage Examples:


 import com.password4j.PBKDF2Function;
 import com.password4j.types.Hmac;

 // Using default PBKDF2 settings (recommended)
 PasswordEncoder encoder = new Pbkdf2Password4jPasswordEncoder();

 // Using a custom PBKDF2 function: HMAC-SHA256, 100000 iterations, 256-bit output
 PasswordEncoder customEncoder = new Pbkdf2Password4jPasswordEncoder(
     PBKDF2Function.getInstance(Hmac.SHA256, 100000, 256));
 
Since:
7.0
See Also:
  • PBKDF2Function
  • AlgorithmFinder.getPBKDF2Instance()

  • Constructor Details

    • Pbkdf2Password4jPasswordEncoder

      public Pbkdf2Password4jPasswordEncoder()
      Constructs a PBKDF2 password encoder using the default PBKDF2 configuration from Password4j's AlgorithmFinder.
    • Pbkdf2Password4jPasswordEncoder

      public Pbkdf2Password4jPasswordEncoder(com.password4j.PBKDF2Function pbkdf2Function)
      Constructs a PBKDF2 password encoder with a custom PBKDF2 function.
      Parameters:
      pbkdf2Function - the PBKDF2 function to use for encoding passwords, must not be null
      Throws:
      IllegalArgumentException - if pbkdf2Function is null
    • Pbkdf2Password4jPasswordEncoder

      public Pbkdf2Password4jPasswordEncoder(com.password4j.PBKDF2Function pbkdf2Function, int saltLength)
      Constructs a PBKDF2 password encoder with a custom PBKDF2 function and salt length.
      Parameters:
      pbkdf2Function - the PBKDF2 function to use for encoding passwords, must not be null
      saltLength - the length of the salt in bytes, must be positive
      Throws:
      IllegalArgumentException - if pbkdf2Function is null or saltLength is not positive
  • Method Details