Package org.springframework.security.web.authentication.password

Class HaveIBeenPwnedRestApiPasswordChecker

java.lang.Object

org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker

All Implemented Interfaces:

CompromisedPasswordChecker

public final class HaveIBeenPwnedRestApiPasswordChecker
extends Object
implements CompromisedPasswordChecker

Checks if the provided password was leaked by relying on Have I Been Pwned REST API. This implementation uses the Search by Range in order to protect the value of the source password being searched for.

Since:

6.3

Constructor Summary

Constructors

Constructor	Description
HaveIBeenPwnedRestApiPasswordChecker()

Method Summary

Modifier and Type	Method	Description
CompromisedPasswordDecision	check(String password)	Check whether the password is compromised
void	setRestClient(org.springframework.web.client.RestClient restClient)	Sets the RestClient to use when making requests to Have I Been Pwned REST API.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

HaveIBeenPwnedRestApiPasswordChecker

public HaveIBeenPwnedRestApiPasswordChecker()

Method Details

check

@NonNull
public CompromisedPasswordDecision check(String password)

Description copied from interface: CompromisedPasswordChecker

Check whether the password is compromised

Specified by:

check in interface CompromisedPasswordChecker

Parameters:

password - the password to check

Returns:

a non-null CompromisedPasswordDecision

setRestClient

public void setRestClient(org.springframework.web.client.RestClient restClient)

Sets the RestClient to use when making requests to Have I Been Pwned REST API. By default, a RestClient with a base URL of API_URL is used.

Parameters:

restClient - the RestClient to use