Class HaveIBeenPwnedRestApiPasswordChecker
java.lang.Object
org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker
- All Implemented Interfaces:
CompromisedPasswordChecker
public final class HaveIBeenPwnedRestApiPasswordChecker
extends Object
implements CompromisedPasswordChecker
Checks if the provided password was leaked by relying on
Have I Been Pwned REST
API. This implementation uses the Search by Range in order to protect the value of
the source password being searched for.
- Since:
- 6.3
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionCheck whether the password is compromisedvoid
setRestClient
(org.springframework.web.client.RestClient restClient) Sets theRestClient
to use when making requests to Have I Been Pwned REST API.
-
Constructor Details
-
HaveIBeenPwnedRestApiPasswordChecker
public HaveIBeenPwnedRestApiPasswordChecker()
-
-
Method Details
-
check
Description copied from interface:CompromisedPasswordChecker
Check whether the password is compromised- Specified by:
check
in interfaceCompromisedPasswordChecker
- Parameters:
password
- the password to check- Returns:
- a non-null
CompromisedPasswordDecision
-
setRestClient
public void setRestClient(org.springframework.web.client.RestClient restClient) Sets theRestClient
to use when making requests to Have I Been Pwned REST API. By default, aRestClient
with a base URL ofAPI_URL
is used.- Parameters:
restClient
- theRestClient
to use
-