Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jpa-security custom password type #14785

Merged
merged 1 commit into from
Feb 15, 2021
Merged

jpa-security custom password type #14785

merged 1 commit into from
Feb 15, 2021

Conversation

antoniodvr
Copy link
Contributor

@antoniodvr antoniodvr commented Feb 3, 2021
edited
Loading

Fix #14284

Changes

  • Add CUSTOM attribute to the enum PasswordType.
  • Add provider attribute to the annotation Password
  • Manage the new type CUSTOM in QuarkusSecurityJpaProcessor.java
  • Add tests
  • Update documentation

Usage

@UserDefinition
@Table(name = "test_user")
@Entity
public class CustomPasswordUserEntity {
    @Id
    @GeneratedValue
    public Long id;
    @Column(name = "username")
    @Username
    public String name;
    @Column(name = "password")
    @Password(value = PasswordType.CUSTOM, provider = CustomPasswordProvider.class)
    public String pass;
    @Roles
    public String role;
}

public class CustomPasswordProvider implements PasswordProvider {
    @Override
    public Password getPassword(String pass) {
        byte[] digest = DatatypeConverter.parseHexBinary(pass);
        return SimpleDigestPassword.createRaw(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_256, digest);
    }
}

/cc @FroMage @gsmet

@ghost ghost added the area/documentation label Feb 3, 2021
FroMage
FroMage reviewed Feb 3, 2021
View reviewed changes
Copy link
Member

@FroMage FroMage left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This LGTM, but I wonder if we shouldn't store the instance of PasswordProvider in the generated class, instead of re-creating it every time we need it?
WDYT?

@antoniodvr
Copy link
Contributor Author

This LGTM, but I wonder if we shouldn't store the instance of PasswordProvider in the generated class, instead of re-creating it every time we need it?
WDYT?

Absolutely agree

@antoniodvr
Copy link
Contributor Author

@FroMage PR updated!

FroMage
FroMage requested changes Feb 12, 2021
View reviewed changes
Copy link
Member

@FroMage FroMage left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a tiny remark left. But this looks good. Can you squash your commits, though?

...deployment/src/main/java/io/quarkus/security/jpa/deployment/QuarkusSecurityJpaProcessor.java Outdated Show resolved Hide resolved
@antoniodvr
Copy link
Contributor Author

Just a tiny remark left. But this looks good. Can you squash your commits, though?

Done. Running checks...

@FroMage FroMage merged commit ab8b75f into quarkusio:master Feb 15, 2021
@quarkus-bot quarkus-bot bot added this to the 1.13 - master milestone Feb 15, 2021
@FroMage
Copy link
Member

FroMage commented Feb 15, 2021

OK merged, thanks a lot!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FroMage FroMage FroMage approved these changes

Assignees
No one assigned
Labels
area/documentation
Projects
None yet
Milestone
1.13.0.CR1
Development

Successfully merging this pull request may close these issues.

security-jpa custom cypher for passwords
2 participants
@antoniodvr @FroMage