java.lang.Object org.apache.shiro.authc.credential.DefaultPasswordService
public class DefaultPasswordService
Default implementation of the PasswordService interface that relies on an internal HashService, HashFormat, and HashFormatFactory to function:
hashService. After the hash is computed, it is formatted into a String value via the internal hashFormat.
Field Summary | |
---|---|
static String | DEFAULT_HASH_ALGORITHM |
static int | DEFAULT_HASH_ITERATIONS |
Constructor Summary | |
---|---|
DefaultPasswordService() | |
Method Summary | |
---|---|
protected HashRequest | buildHashRequest(ByteSource plaintext, Hash saved) |
protected void | checkHashFormatDurability() |
protected ByteSource | createByteSource(Object o) |
protected HashRequest | createHashRequest(ByteSource plaintext) |
String | encryptPassword(Object plaintext) - Converts the specified plaintext password (usually acquired from your application's 'new user' or 'password reset' workflow) into a formatted string safe for storage. |
HashFormat | getHashFormat() |
HashFormatFactory | getHashFormatFactory() |
HashService | getHashService() |
Hash | hashPassword(Object plaintext) - Hashes the specified plaintext password using internal hashing configuration settings pertinent to password hashing. |
boolean | passwordsMatch(Object plaintext, Hash saved) - Returns true if the submittedPlaintext password matches the existing savedPasswordHash, false otherwise. |
boolean | passwordsMatch(Object submittedPlaintext, String saved) - Returns true if the submittedPlaintext password matches the existing saved password, false otherwise. |
void | setHashFormat(HashFormat hashFormat) |
void | setHashFormatFactory(HashFormatFactory hashFormatFactory) |
void | setHashService(HashService hashService) |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String DEFAULT_HASH_ALGORITHM
public static final int DEFAULT_HASH_ITERATIONS
Constructor Detail |
---|
public DefaultPasswordService()
Method Detail |
---|
public String encryptPassword(Object plaintext)
PasswordService
passwordsMatch(plaintext,encrypted) method when performing a password comparison check.
Object - almost always either a String or character array representing passwords (character arrays are often a safer way to represent passwords as they can be cleared/nulled-out after use). Any argument type supported by ByteSource.Util#isCompatible(Object) is valid.
For example:
```java
String rawPassword = ...
String encryptedValue = passwordService.encryptPassword(rawPassword);
```
or, identically:
```java
char[] rawPasswordChars = ...
String encryptedValue = passwordService.encryptPassword(rawPasswordChars);
```
The resulting encryptedValue should be stored with the account to be retrieved later during a login attempt. For example:
```java
String encryptedValue = passwordService.encryptPassword(rawPassword);
...
userAccount.setPassword(encryptedValue);
userAccount.save(); // create or update to your data store
```
encryptPassword in interface PasswordService
plaintext - the raw password as 'byte-backed' object (String, character array, ByteSource, etc) usually acquired from your application's 'new user' or 'password reset' workflow.
ByteSource.Util#isCompatible(Object)
public Hash hashPassword(Object plaintext)
HashingPasswordService
Hash object in a custom manner. Most applications will find the encryptPassword method suitable enough for safety and ease-of-use.
Object - almost always either a String or character array representing passwords (character arrays are often a safer way to represent passwords as they can be cleared/nulled-out after use). Any argument type supported by ByteSource.Util#isCompatible(Object) is valid.
Regardless of your choice of using Strings or character arrays to represent submitted passwords, you can wrap either as a ByteSource by using ByteSource.Util, for example, when the passwords are captured as Strings:
```java
ByteSource passwordBytes = ByteSource.Util.bytes(submittedPasswordString);
Hash hashedPassword = hashingPasswordService.hashPassword(passwordBytes);
```
or, identically, when captured as a character array:
```java
ByteSource passwordBytes = ByteSource.Util.bytes(submittedPasswordCharacterArray);
Hash hashedPassword = hashingPasswordService.hashPassword(passwordBytes);
```
hashPassword in interface HashingPasswordService
plaintext - the raw password as 'byte-backed' object (String, character array, ByteSource, etc) usually acquired from your application's 'new user' or 'password reset' workflow.
ByteSource.Util#isCompatible(Object), PasswordService.encryptPassword(Object)
public boolean passwordsMatch(Object plaintext, Hash saved)
HashingPasswordService
Returns true if the submittedPlaintext password matches the existing savedPasswordHash, false otherwise. Note that this method is only likely to be used in more complex environments that save hashes in a custom manner. Most applications will find the passwordsMatch(plaintext,string) method sufficient if encrypting passwords as Strings.
submittedPlaintext argument type can be any 'byte backed' Object - almost always either a String or character array representing passwords (character arrays are often a safer way to represent passwords as they can be cleared/nulled-out after use). Any argument type supported by ByteSource.Util#isCompatible(Object) is valid.
passwordsMatch in interface HashingPasswordService
plaintext - a raw/plaintext password submitted by an end user/Subject.
saved - the previously hashed password known to be associated with an account. This value is expected to have been previously generated from the hashPassword method (typically when the account is created or the account's password is reset).
true if the plaintext password matches the existing savedPasswordHash, false otherwise.
protected void checkHashFormatDurability()
protected HashRequest createHashRequest(ByteSource plaintext)
protected ByteSource createByteSource(Object o)
public boolean passwordsMatch(Object submittedPlaintext, String saved)
PasswordService
Returns true if the submittedPlaintext password matches the existing saved password, false otherwise.
submittedPlaintext argument type can be any 'byte backed' Object - almost always either a String or character array representing passwords (character arrays are often a safer way to represent passwords as they can be cleared/nulled-out after use). Any argument type supported by ByteSource.Util#isCompatible(Object) is valid.
For example:
```java
String submittedPassword = ...
passwordService.passwordsMatch(submittedPassword, encryptedPassword);
```
or similarly:
```java
char[] submittedPasswordCharacters = ...
passwordService.passwordsMatch(submittedPasswordCharacters, encryptedPassword);
```
passwordsMatch in interface PasswordService
submittedPlaintext - a raw/plaintext password submitted by an end user/Subject.
saved - the previously encrypted password known to be associated with an account. This value is expected to have been previously generated from the encryptPassword method (typically when the account is created or the account's password is reset).
true if the submittedPlaintext password matches the existing saved password, false otherwise.
ByteSource.Util#isCompatible(Object)
protected HashRequest buildHashRequest(ByteSource plaintext, Hash saved)
public HashService getHashService()
public void setHashService(HashService hashService)
public HashFormat getHashFormat()
public void setHashFormat(HashFormat hashFormat)
public HashFormatFactory getHashFormatFactory()
public void setHashFormatFactory(HashFormatFactory hashFormatFactory)