diff --git a/src/main/java/com/ard333/springbootwebfluxjjwt/security/PBKDF2Encoder.java b/src/main/java/com/ard333/springbootwebfluxjjwt/security/PBKDF2Encoder.java
index 920e9ed..06e7da4 100644
--- a/src/main/java/com/ard333/springbootwebfluxjjwt/security/PBKDF2Encoder.java
+++ b/src/main/java/com/ard333/springbootwebfluxjjwt/security/PBKDF2Encoder.java
@@ -16,8 +16,14 @@ import org.springframework.stereotype.Component;
 @Component
 public class PBKDF2Encoder implements PasswordEncoder{
- @Value("${springbootwebfluxjjwt.password.secret}")
+ @Value("${springbootwebfluxjjwt.password.encoder.secret}")
 private String secret;
+
+ @Value("${springbootwebfluxjjwt.password.encoder.iteration}")
+ private Integer iteration;
+
+ @Value("${springbootwebfluxjjwt.password.encoder.keylength}")
+ private Integer keylength;
 /**
 * More info (https://www.owasp.org/index.php/Hashing_Java)
@@ -28,7 +34,7 @@ public class PBKDF2Encoder implements PasswordEncoder{
 public String encode(CharSequence cs) {
 try {
 byte[] result = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512")
- .generateSecret(new PBEKeySpec(cs.toString().toCharArray(), secret.getBytes(), 33, 256))
+ .generateSecret(new PBEKeySpec(cs.toString().toCharArray(), secret.getBytes(), iteration, keylength))
 .getEncoded();
 return Base64.getEncoder().encodeToString(result);
 } catch (NoSuchAlgorithmException | InvalidKeySpecException ex) {
diff --git a/src/main/java/com/ard333/springbootwebfluxjjwt/service/UserService.java b/src/main/java/com/ard333/springbootwebfluxjjwt/service/UserService.java
index 663eab7..963988b 100644
--- a/src/main/java/com/ard333/springbootwebfluxjjwt/service/UserService.java
+++ b/src/main/java/com/ard333/springbootwebfluxjjwt/service/UserService.java
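Review bot: The new `iteration` and `keylength` fields are injected as boxed `Integer` values and nothing validates them before `encode` uses them, so a zero, negative or very small setting is noticed only on the first hash, or not at all. `PBEKeySpec` rejects non-positive values with an `IllegalArgumentException`, which the `catch (NoSuchAlgorithmException | InvalidKeySpecException ex)` in `encode` does not cover, while a small positive iteration count is accepted silently and leaves the hashes cheap to guess offline. I would declare them as `private int iteration;` and `private int keylength;` and add a `@PostConstruct` check that throws `IllegalStateException` when `iteration` is below a project-defined minimum or `keylength <= 0`, so a misconfigured deployment fails at startup. The class body continues outside the hunk.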
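Review bot: The salt passed to `PBEKeySpec` in `encode` is still `secret.getBytes()`, a single application-wide value decoded with the platform default charset, so equal passwords produce equal hashes and the result can differ between hosts whose default encoding differs. At minimum make the charset explicit with `secret.getBytes(StandardCharsets.UTF_8)`; a per-password random salt from `SecureRandom`, stored alongside the hash, would remove the shared-salt weakness. Because the Base64 output records neither the iteration count nor the key length, changing the new properties will presumably stop existing hashes (such as the hard-coded ones in UserService) from verifying, so consider storing the parameters with the hash. The body of `encode` continues past the end of the hunk.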
@@ -24,17 +24,6 @@ public class UserService {
 private final String adminUsername = "admin";// password: admin
 private final User admin = new User(adminUsername, "dQNjUIMorJb8Ubj2+wVGYp6eAeYkdekqAcnYp+aRq5w=", true, Arrays.asList(Role.ROLE_ADMIN));
-
- public Mono findUserDetailsByUsername(String username) {
- if (username.equals(userUsername)) {
- return Mono.just(user);
- } else if (username.equals(adminUsername)) {
- return Mono.just(admin);
- } else {
- return Mono.empty();
- }
- }
-
 public Mono findByUsername(String username) {
 if (username.equals(userUsername)) {
 return Mono.just(user);
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 21614dd..7c37487 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,3 +1,5 @@
-springbootwebfluxjjwt.password.secret=mysecret
+springbootwebfluxjjwt.password.encoder.secret=mysecret
+springbootwebfluxjjwt.password.encoder.iteration=33
+springbootwebfluxjjwt.password.encoder.keylength=256
 springbootwebfluxjjwt.jjwt.secret=mysecret
 springbootwebfluxjjwt.jjwt.expiration=28800
\ No newline at end of file
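Review bot: `springbootwebfluxjjwt.password.encoder.iteration=33` carries the old hard-coded work factor into configuration, and 33 PBKDF2 iterations gives almost no resistance to offline guessing; OWASP's password-storage guidance for PBKDF2-HMAC-SHA512 is on the order of 210,000. Now that the value is configurable I would raise it here, e.g. `springbootwebfluxjjwt.password.encoder.iteration=210000`, and regenerate the sample hashes in UserService, which were presumably computed with 33. The `mysecret` values for `password.encoder.secret` and `jjwt.secret` are placeholders committed to the repository and should be overridden per deployment from the environment or a secret store rather than used as shipped.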