Package org.springframework.security.web.authentication.password

Class HaveIBeenPwnedRestApiReactivePasswordChecker

java.lang.Object

org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiReactivePasswordChecker

All Implemented Interfaces:

ReactiveCompromisedPasswordChecker

public class HaveIBeenPwnedRestApiReactivePasswordChecker
extends Object
implements ReactiveCompromisedPasswordChecker

Checks if the provided password was leaked by relying on Have I Been Pwned REST API. This implementation uses the Search by Range in order to protect the value of the source password being searched for.

Since:

6.3

Constructor Summary

Constructors

Constructor	Description
HaveIBeenPwnedRestApiReactivePasswordChecker()

Method Summary

Modifier and Type	Method	Description
reactor.core.publisher.Mono<CompromisedPasswordDecision>	check(String password)	Check whether the password is compromised
void	setWebClient(org.springframework.web.reactive.function.client.WebClient webClient)	Sets the WebClient to use when making requests to Have I Been Pwned REST API.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

HaveIBeenPwnedRestApiReactivePasswordChecker

public HaveIBeenPwnedRestApiReactivePasswordChecker()

Method Details

check

public reactor.core.publisher.Mono<CompromisedPasswordDecision> check(String password)

Description copied from interface: ReactiveCompromisedPasswordChecker

Check whether the password is compromised

Specified by:

check in interface ReactiveCompromisedPasswordChecker

Parameters:

password - the password to check

Returns:

a Mono containing the CompromisedPasswordDecision

setWebClient

public void setWebClient(org.springframework.web.reactive.function.client.WebClient webClient)

Sets the WebClient to use when making requests to Have I Been Pwned REST API. By default, a WebClient with a base URL of API_URL is used.

Parameters:

webClient - the WebClient to use