by TheFinalDraw
3255 days ago
Hey! A thing I can actually help with! I put together a PoC of exactly this when I had the same idea a couple years ago. Here's a basic generic example I put together at the time, that also defines interfaces for other policy directives (e.g. min length, etc.): https://github.com/milo-minderbinder/policy/blob/master/src/...

I'll add docs and updates if people give a shit. The passwords.dat file in the resources folder is the top 1m most common pws that I compiled from a number of lists available at the time.

I implemented a redis-backed instance of the above common-password bloom filter in a sample Spring app which I was using to show off some features of spring security to a dev (I work in AppSec). You can see the policy and redis config here: https://github.com/milo-minderbinder/spring-ref/blob/indev/s...

And you can see an example of how to wire it up to a Spring Validator here: https://github.com/milo-minderbinder/spring-ref/blob/indev/s...

And you'll find where it's registered as a bean in the SecurityConfig.java file in the config dir with the other Spring java-config classes.

If you want to run it, I dockerized the whole shebang with docker-compose a while back, which should be easy to run: https://github.com/milo-minderbinder/docker-spring-ref/tree/...

Hope any of this was meaningful to literally anyone in literally any capacity haha
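A minimal sketch of the common-password bloom filter idea described in the comment above, added here as an illustration and not taken from the commenter's repositories. It assumes an in-memory `BitSet` instead of Redis, SHA-256 double hashing for the probes, and a four-entry constructed sample list; the class and method names are hypothetical.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.BitSet;
import java.util.List;

// Added illustration; class and method names are hypothetical, not the linked project's API.
public class CommonPasswordFilter {
    private final BitSet bits;
    private final int m; // number of bits
    private final int k; // number of hash probes per entry
    // Size the filter for n expected entries at target false-positive rate p.
    public CommonPasswordFilter(int n, double p) {
        this.m = (int) Math.ceil(-n * Math.log(p) / (Math.log(2) * Math.log(2)));
        this.k = Math.max(1, (int) Math.round((double) m / n * Math.log(2)));
        this.bits = new BitSet(m);
    }

    // Derive k bit positions from one SHA-256 digest via double hashing: h1 + i*h2 mod m.
    private int[] positions(String password) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256")
                    .digest(password.getBytes(StandardCharsets.UTF_8));
            ByteBuffer buf = ByteBuffer.wrap(d);
            long h1 = buf.getLong(), h2 = buf.getLong() | 1L; // odd step so probes differ
            int[] pos = new int[k];
            for (int i = 0; i < k; i++) pos[i] = (int) Math.floorMod(h1 + i * h2, (long) m);
            return pos;
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every JRE
        }
    }

    public void add(String password) { for (int p : positions(password)) bits.set(p); }
    // false = definitely not in the list; true = in the list or a rare false positive.
    public boolean mightContain(String password) {
        for (int p : positions(password)) if (!bits.get(p)) return false;
        return true;
    }

    public static void main(String[] args) {
        List<String> common = List.of("123456", "password", "qwerty", "letmein"); // constructed sample
        CommonPasswordFilter f = new CommonPasswordFilter(common.size(), 0.001);
        common.forEach(f::add);
        for (String c : List.of("password", "letmein", "correct horse battery staple"))
            System.out.println(c + " -> " + (f.mightContain(c) ? "reject (common)" : "accept"));
    }
}
```

A bloom filter never misses a listed password, but it can occasionally reject an unlisted one, so the target false-positive rate passed to the constructor is the tuning knob for a policy check like this.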