Merge pull request #6 from buession/2.1.x

release 2.1.0

CHANGELOG.md

@@ -1,6 +1,33 @@
  Buession Security Changelog
 ===========================
 
+## [2.1.0](https://github.com/buession/buession-security/releases/tag/v2.1.0) (2022-08-07)
+
+### 🔨依赖升级
+
+- [依赖库版本升级和安全漏洞修复](https://github.com/buession/buession-parent/releases/tag/v2.1.0)
+- [owasp antisamy](https://github.com/nahsra/antisamy) 版本升级至 1.7.0
+
+
+### ⭐ 新特性
+
+- **buession-security-pac4j：** 注解 @Principal 支持 webflux 环境
+- **buession-security-web：** 新增 ReferrerPolicy 策略转换器 ReferrerPolicyConverter
+
+
+### 🔔 变化
+
+- **buession-security-mcrypt：** 废弃加密类中仅传递字符串形式的编码的构造函数
+- **buession-security-pac4j：** 优化注解 @Principal HandlerMethodArgumentResolver，继承 spring 原生 HandlerMethodArgumentResolver 实现抽象类
+
+
+### 🐞 Bug 修复
+
+- **buession-security-web：** 修复 HttpSecurity 构建器 ReactiveHttpSecurityBuilder、ServletHttpSecurityBuilder 中 Boolean 类型未判断 null 的 BUG
+
+
+---
+
 
 ## [2.0.2](https://github.com/buession/buession-security/releases/tag/v2.0.2) (2022-07-28)
 
@@ -9,11 +36,19 @@
 - [依赖库版本升级和安全漏洞修复](https://github.com/buession/buession-parent/releases/tag/v2.0.2)
 
 
+### ⭐ 新特性
+
+- **buession-security-mcrypt：** 新增 HMAC 密码生成器
+
+
 ### 🐞 Bug 修复
 
 - **buession-security-captcha：** 修复极验 v4 版本签名加密错误的 BUG
 
 
+---
+
+
 ## [2.0.1](https://github.com/buession/buession-security/releases/tag/v2.0.1) (2022-07-17)
 
 ### 🔨依赖升级
@@ -37,6 +72,9 @@
 - [owasp antisamy](https://github.com/nahsra/antisamy) 修复 [CVE-2022-29577](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29577)、[CVE-2022-28367](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28367)、[CVE-2021-35043](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35043)、[CVE-2022-23437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23437)、[CVE-2021-29425](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425)、[CVE-2022-29546](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29546) 漏洞
 
 
+---
+
+
 ## [2.0.0](https://github.com/buession/buession-security/releases/tag/v2.0.0) (2022-07-07)
 
 ### 🔨依赖升级
@@ -46,7 +84,7 @@
 
 ### ⭐ 新特性
 
-- **bbuession-security-captcha：** 新增极验 V4 版本支持，阿里云、腾讯云行为验证码
+- **buession-security-captcha：** 新增极验 V4 版本支持，阿里云、腾讯云行为验证码
 - **buession-security-mcrypt：** 新增 HMAC、AES、DES 算法加密
 - **buession-security-shiro：** 新增 SameSite 转换为 Shiro Cookie.SameSiteOptions 的转换器 SameSiteToShiroSameSiteOptionsConverter
 - **buession-security-web：** 新增浏览器安全配置以及浏览器安全 Http Security 构建器和自动配置类

README.md

@@ -7,6 +7,7 @@
 [![GitHub release](https://img.shields.io/github/release/buession/buession-security.svg)](https://github.com/buession/buession-security/releases)
 [![License](https://img.shields.io/badge/license-Apache%202-4EB1BA.svg)](https://www.apache.org/licenses/LICENSE-2.0.html)
 [![Java support](https://img.shields.io/badge/Java-8+-green?logo=java&logoColor=white)](https://openjdk.java.net/)
+[![Javadocs](http://www.javadoc.io/badge/com.buession.security/buession-security-core.svg)](http://www.javadoc.io/doc/com.buession.security/buession-security-core)
 
 
 基于 Pac4j、Shiro 二次封装，集成 Spring Security，提供极验、阿里云、腾讯云行为验证码 SDK，封装了数据脱敏和多种密码加密方式工具类库的一款安全框架

buession-security-captcha/pom.xml

@@ -7,7 +7,7 @@
 		<groupId>com.buession.security</groupId>
 		<artifactId>buession-security-parent</artifactId>
 		<relativePath>../buession-security-parent</relativePath>
-		<version>2.0.2</version>
+		<version>2.1.0</version>
 	</parent>
 	<artifactId>buession-security-captcha</artifactId>
 	<url>https://github.com/buession/buession-security</url>
@@ -46,28 +46,21 @@
 		<url>https://github.com/buession/buession-security</url>
 	</scm>
 
+	<issueManagement>
+		<system>github</system>
+		<url>https://github.com/buession/buession-security/issues</url>
+	</issueManagement>
+
 	<dependencies>
 		<dependency>
 			<groupId>com.buession.security</groupId>
 			<artifactId>buession-security-core</artifactId>
 			<version>${project.version}</version>
-			<exclusions>
-				<exclusion>
-					<groupId>org.springframework</groupId>
-					<artifactId>*</artifactId>
-				</exclusion>
-			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>com.buession.security</groupId>
 			<artifactId>buession-security-mcrypt</artifactId>
 			<version>${project.version}</version>
-			<exclusions>
-				<exclusion>
-					<groupId>org.springframework</groupId>
-					<artifactId>*</artifactId>
-				</exclusion>
-			</exclusions>
 		</dependency>
 
 		<dependency>
@@ -99,6 +92,12 @@
 			<scope>provided</scope>
 			<optional>true</optional>
 		</dependency>
+		<dependency>
+			<groupId>jakarta.xml.bind</groupId>
+			<artifactId>jakarta.xml.bind-api</artifactId>
+			<scope>provided</scope>
+			<optional>true</optional>
+		</dependency>
 
 		<dependency>
 			<groupId>org.springframework</groupId>

buession-security-core/pom.xml

@@ -7,7 +7,7 @@
 		<groupId>com.buession.security</groupId>
 		<artifactId>buession-security-parent</artifactId>
 		<relativePath>../buession-security-parent</relativePath>
-		<version>2.0.2</version>
+		<version>2.1.0</version>
 	</parent>
 	<artifactId>buession-security-core</artifactId>
 	<url>https://github.com/buession/buession-security</url>
@@ -46,6 +46,11 @@
 		<url>https://github.com/buession/buession-security</url>
 	</scm>
 
+	<issueManagement>
+		<system>github</system>
+		<url>https://github.com/buession/buession-security/issues</url>
+	</issueManagement>
+
 	<dependencies>
 		<dependency>
 			<groupId>com.buession</groupId>
@@ -58,11 +63,6 @@
 			</exclusions>
 		</dependency>
 
-		<dependency>
-			<groupId>com.google.code.findbugs</groupId>
-			<artifactId>jsr305</artifactId>
-		</dependency>
-
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-api</artifactId>

buession-security-mcrypt/pom.xml

@@ -7,7 +7,7 @@
 		<groupId>com.buession.security</groupId>
 		<artifactId>buession-security-parent</artifactId>
 		<relativePath>../buession-security-parent</relativePath>
-		<version>2.0.2</version>
+		<version>2.1.0</version>
 	</parent>
 	<artifactId>buession-security-mcrypt</artifactId>
 	<url>https://github.com/buession/buession-security</url>
@@ -46,6 +46,11 @@
 		<url>https://github.com/buession/buession-security</url>
 	</scm>
 
+	<issueManagement>
+		<system>github</system>
+		<url>https://github.com/buession/buession-security/issues</url>
+	</issueManagement>
+
 	<dependencies>
 		<dependency>
 			<groupId>com.buession.security</groupId>
@@ -56,6 +61,10 @@
 					<groupId>org.springframework</groupId>
 					<artifactId>*</artifactId>
 				</exclusion>
+				<exclusion>
+					<groupId>commons-beanutils</groupId>
+					<artifactId>commons-beanutils</artifactId>
+				</exclusion>
 			</exclusions>
 		</dependency>
 

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/AESMcrypt.java

@@ -80,6 +80,7 @@ public AESMcrypt(){
 	 * @param characterEncoding
 	 * 		字符编码
 	 */
+	@Deprecated
 	public AESMcrypt(final String characterEncoding){
 		super(Algo.AES, characterEncoding);
 	}

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/Base64Mcrypt.java

@@ -51,6 +51,7 @@ public Base64Mcrypt(){
 	 * @param characterEncoding
 	 * 		字符编码
 	 */
+	@Deprecated
 	public Base64Mcrypt(final String characterEncoding){
 		super(Algo.BASE64, characterEncoding);
 	}

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/DESMcrypt.java

@@ -90,6 +90,7 @@ public DESMcrypt(final Provider provider){
 	 * @param characterEncoding
 	 * 		字符编码
 	 */
+	@Deprecated
 	public DESMcrypt(final String characterEncoding){
 		super(Algo.DES, characterEncoding);
 	}

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/DiscuzMycrypt.java

@@ -59,6 +59,7 @@ public DiscuzMycrypt(){
 	 * @param characterEncoding
 	 * 		字符编码
 	 */
+	@Deprecated
 	public DiscuzMycrypt(final String characterEncoding){
 		super(null, characterEncoding);
 	}

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/HmacMD5Mcrypt.java

@@ -49,6 +49,7 @@ public HmacMD5Mcrypt(){
 	 * @param characterEncoding
 	 * 		字符编码
 	 */
+	@Deprecated
 	public HmacMD5Mcrypt(final String characterEncoding){
 		super(Algo.HMAC_MD5, characterEncoding);
 	}
@@ -91,5 +92,5 @@ public HmacMD5Mcrypt(final Charset charset, final String salt){
 	protected HmacAlgorithms getHmacAlgorithms(){
 		return HmacAlgorithms.HMAC_MD5;
 	}
-	
+
 }

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/HmacSha1Mcrypt.java

@@ -49,6 +49,7 @@ public HmacSha1Mcrypt(){
 	 * @param characterEncoding
 	 * 		字符编码
 	 */
+	@Deprecated
 	public HmacSha1Mcrypt(final String characterEncoding){
 		super(Algo.HMAC_SHA1, characterEncoding);
 	}

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/HmacSha224Mcrypt.java

@@ -49,6 +49,7 @@ public HmacSha224Mcrypt(){
 	 * @param characterEncoding
 	 * 		字符编码
 	 */
+	@Deprecated
 	public HmacSha224Mcrypt(final String characterEncoding){
 		super(Algo.HMAC_SHA224, characterEncoding);
 	}

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/HmacSha256Mcrypt.java

@@ -49,6 +49,7 @@ public HmacSha256Mcrypt(){
 	 * @param characterEncoding
 	 * 		字符编码
 	 */
+	@Deprecated
 	public HmacSha256Mcrypt(final String characterEncoding){
 		super(Algo.HMAC_SHA256, characterEncoding);
 	}

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/HmacSha384Mcrypt.java

@@ -49,6 +49,7 @@ public HmacSha384Mcrypt(){
 	 * @param characterEncoding
 	 * 		字符编码
 	 */
+	@Deprecated
 	public HmacSha384Mcrypt(final String characterEncoding){
 		super(Algo.HMAC_SHA384, characterEncoding);
 	}

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/HmacSha512Mcrypt.java

@@ -49,6 +49,7 @@ public HmacSha512Mcrypt(){
 	 * @param characterEncoding
 	 * 		字符编码
 	 */
+	@Deprecated
 	public HmacSha512Mcrypt(final String characterEncoding){
 		super(Algo.HMAC_SHA512, characterEncoding);
 	}

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/MD5Mcrypt.java

@@ -57,6 +57,7 @@ public MD5Mcrypt(final Provider provider){
 	 * @param characterEncoding
 	 * 		字符编码
 	 */
+	@Deprecated
 	public MD5Mcrypt(final String characterEncoding){
 		super(Algo.MD5, characterEncoding);
 	}

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/Sha1Mcrypt.java

@@ -57,6 +57,7 @@ public Sha1Mcrypt(final Provider provider){
 	 * @param characterEncoding
 	 * 		字符编码
 	 */
+	@Deprecated
 	public Sha1Mcrypt(final String characterEncoding){
 		super(Algo.SHA1, characterEncoding);
 	}

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/Sha224Mcrypt.java

@@ -58,6 +58,7 @@ public Sha224Mcrypt(final Provider provider){
 	 * @param characterEncoding
 	 * 		字符编码
 	 */
+	@Deprecated
 	public Sha224Mcrypt(final String characterEncoding){
 		super(Algo.SHA224, characterEncoding);
 	}

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/Sha256Mcrypt.java

@@ -57,6 +57,7 @@ public Sha256Mcrypt(final Provider provider){
 	 * @param characterEncoding
 	 * 		字符编码
 	 */
+	@Deprecated
 	public Sha256Mcrypt(final String characterEncoding){
 		super(Algo.SHA256, characterEncoding);
 	}

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/Sha384Mcrypt.java

@@ -58,6 +58,7 @@ public Sha384Mcrypt(final Provider provider){
 	 * @param characterEncoding
 	 * 		字符编码
 	 */
+	@Deprecated
 	public Sha384Mcrypt(final String characterEncoding){
 		super(Algo.SHA384, characterEncoding);
 	}

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/Sha512Mcrypt.java

@@ -57,6 +57,7 @@ public Sha512Mcrypt(final Provider provider){
 	 * @param characterEncoding
 	 * 		字符编码
 	 */
+	@Deprecated
 	public Sha512Mcrypt(final String characterEncoding){
 		super(Algo.SHA512, characterEncoding);
 	}

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/ShaMcrypt.java

@@ -57,6 +57,7 @@ public ShaMcrypt(final Provider provider){
 	 * @param characterEncoding
 	 * 		字符编码
 	 */
+	@Deprecated
 	public ShaMcrypt(final String characterEncoding){
 		super(Algo.SHA, characterEncoding);
 	}

buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/passwordgenerator/AbstractPasswordGenerator.java

@@ -19,12 +19,13 @@
  * +-------------------------------------------------------------------------------------------------------+
  * | License: http://www.apache.org/licenses/LICENSE-2.0.txt 										       |
  * | Author: Yong.Teng <webmaster@buession.com> 													       |
- * | Copyright @ 2013-2020 Buession.com Inc.														       |
+ * | Copyright @ 2013-2022 Buession.com Inc.														       |
  * +-------------------------------------------------------------------------------------------------------+
  */
 package com.buession.security.mcrypt.passwordgenerator;
 
 import com.buession.core.utils.Assert;
+import com.buession.security.mcrypt.Mcrypt;
 
 import java.util.Random;
 
@@ -80,4 +81,9 @@ public byte[] digestEncoded(final byte[] password, final byte[] salt){
 		return digestEncoded(new String(password), new String(salt)).getBytes();
 	}
 
+	protected static String digestEncoded(final Mcrypt mcrypt, final String password, final String salt){
+		mcrypt.setSalt(salt);
+		return mcrypt.encode(password);
+	}
+
 }