replace PasswordEncoder

`org.springframework.security.authentication.encoding.PasswordEncoder`, which was deprecated, has been removed. Its usage has been replaced with
 `org.springframework.security.crypto.password.PasswordEncoder`.

remove salt

Remove password encoders

salt

Fix messageDiggesterPassword import

remove sat source

functional-test-app/src/integration-test/groovy/specs/AbstractSecuritySpec.groovy

@@ -3,11 +3,11 @@ package specs
 import com.testapp.TestDataService
 import geb.driver.CachingDriverFactory
 import geb.spock.GebReportingSpec
-import grails.plugin.springsecurity.Application
+import grails.plugin.springsecurity.SpringSecurityCoreGrailsPlugin
 import grails.plugin.springsecurity.SpringSecurityUtils
 import grails.testing.mixin.integration.Integration
 import org.springframework.beans.factory.annotation.Autowired
-import org.springframework.security.authentication.encoding.MessageDigestPasswordEncoder
+import org.springframework.security.crypto.password.MessageDigestPasswordEncoder
 import pages.LoginPage
 import spock.lang.Shared
 import spock.lang.Stepwise
@@ -87,7 +87,7 @@ abstract class AbstractSecuritySpec extends GebReportingSpec {
 	}
 
 	protected MessageDigestPasswordEncoder createSha256Encoder() {
-		def passwordEncoder = new MessageDigestPasswordEncoder('SHA-256')
+		MessageDigestPasswordEncoder passwordEncoder = new MessageDigestPasswordEncoder(SpringSecurityCoreGrailsPlugin.ENCODING_IDSHA256)
 		passwordEncoder.iterations = 1
 		passwordEncoder
 	}

functional-test-app/src/integration-test/groovy/specs/BCryptSpec.groovy

@@ -39,15 +39,13 @@ class BCryptSpec extends AbstractSecuritySpec {
 		String encryptedPassword = getContent('hack/getUserProperty?user=user1&propName=password')
 
 		then:
-		encryptedPassword.startsWith '$2a$'
+		encryptedPassword.startsWith '{bcrypt}$2a$'
 
 		when:
 		def shaPasswordEncoder = createSha256Encoder()
-		String notSalted = shaPasswordEncoder.encodePassword('p4ssw0rd', null)
-		String salted = shaPasswordEncoder.encodePassword('p4ssw0rd', 'user1')
+		String notSalted = shaPasswordEncoder.encode('p4ssw0rd')
 
 		then:
-		salted != encryptedPassword
 		notSalted != encryptedPassword
 	}
 }

functional-test-app/src/integration-test/groovy/specs/MiscSpec.groovy

@@ -1,5 +1,6 @@
 package specs
 
+import org.springframework.security.crypto.password.PasswordEncoder
 import pages.IndexPage
 import spock.lang.IgnoreRest
 import spock.lang.Issue
@@ -8,19 +9,16 @@ import spock.lang.IgnoreIf
 @IgnoreIf({ System.getProperty('TESTCONFIG') != 'misc' })
 class MiscSpec extends AbstractHyphenatedSecuritySpec {
 
-	@IgnoreRest
 	void 'salted password'() {
 		given:
 		String username = 'testuser_books_and_movies'
-		def passwordEncoder = createSha256Encoder()
+		PasswordEncoder passwordEncoder = createSha256Encoder()
 
 		when:
 		String hashedPassword = getUserProperty(username, 'password')
-		String notSalted = passwordEncoder.encodePassword('password', null)
-		String salted = passwordEncoder.encodePassword('password', username)
+		String notSalted = passwordEncoder.encode('password')
 
 		then:
-		salted == hashedPassword
 		notSalted != hashedPassword
 	}
 

functional-test-app/src/main/groovy/com/testapp/TestUserPasswordEncoderListener.groovy

@@ -45,7 +45,7 @@ class TestUserPasswordEncoderListener {
     }
 
     private String encodePassword(TestUser u) {
-        springSecurityService?.passwordEncoder ? springSecurityService.encodePassword(u.password, salt(u)) : u.password
+        springSecurityService?.passwordEncoder ? springSecurityService.encodePassword(u.password) : u.password
     }
 
     private def salt(TestUser u) {

integration-test-app/src/integration-test/groovy/grails/plugin/springsecurity/GormUserDetailsServiceSpec.groovy

@@ -123,7 +123,7 @@ class GormUserDetailsServiceSpec extends AbstractIntegrationSpec {
 		then:
 		details
 
-		passwordEncoder.isPasswordValid details.password, password, null
+		passwordEncoder.matches password, details.password
 		loginName == details.username
 		details.enabled
 		details.accountNonExpired
@@ -237,7 +237,7 @@ class GormUserDetailsServiceSpec extends AbstractIntegrationSpec {
 		then:
 		details
 
-		passwordEncoder.isPasswordValid details.password, password, null
+		passwordEncoder.matches password, details.password
 		loginName == details.username
 		details.enabled
 		details.accountNonExpired

plugin/grails-app/services/grails/plugin/springsecurity/SpringSecurityService.groovy

@@ -126,11 +126,8 @@ class SpringSecurityService {
 	/**
 	 * Encode the password using the configured PasswordEncoder.
 	 */
-	String encodePassword(String password, salt = null) {
-		if (securityConfig.password.algorithm in NO_SALT) {
-			salt = null
-		}
-		passwordEncoder.encodePassword password, salt
+	String encodePassword(String password) {
+		passwordEncoder.encode password
 	}
 
 	/**

plugin/src/docs/passwords/locking.adoc

@@ -153,13 +153,13 @@ def updatePassword(String password, String password_new, String password_new_2)
    }
 
    User user = User.findByUsername(username)
-   if (!passwordEncoder.isPasswordValid(user.password, password, null /*salt*/)) {
+   if (!passwordEncoder.matches(password, user.password)) {
       flash.message = 'Current password is incorrect'
       render view: 'passwordExpired', model: [username: session['SPRING_SECURITY_LAST_USERNAME']]
       return
    }
 
-   if (passwordEncoder.isPasswordValid(user.password, password_new, null /*salt*/)) {
+   if (passwordEncoder.matches(password_new, user.password)) {
       flash.message = 'Please choose a different password from your current one'
       render view: 'passwordExpired', model: [username: session['SPRING_SECURITY_LAST_USERNAME']]
       return