|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface HashingPasswordService
A HashingPasswordService
is a PasswordService
that performs password encryption and comparisons
based on cryptographic Hash
es.
Method Summary | |
---|---|
Hash |
hashPassword(Object plaintext)
Hashes the specified plaintext password using internal hashing configuration settings pertinent to password hashing. |
boolean |
passwordsMatch(Object plaintext,
Hash savedPasswordHash)
Returns true if the submittedPlaintext password matches the existing savedPasswordHash ,
false otherwise. |
Methods inherited from interface org.apache.shiro.authc.credential.PasswordService |
---|
encryptPassword, passwordsMatch |
Method Detail |
---|
Hash hashPassword(Object plaintext) throws IllegalArgumentException
Hash
object in a custom manner. Most applications will find the
encryptPassword
method suitable enough for safety
and ease-of-use.
Object
- almost always either a
String or character array representing passwords (character arrays are often a safer way to represent passwords
as they can be cleared/nulled-out after use. Any argument type supported by
ByteSource.Util#isCompatible(Object)
is valid.
Regardless of your choice of using Strings or character arrays to represent submitted passwords, you can wrap
either as a ByteSource
by using ByteSource.Util
, for example, when the passwords are captured as
Strings:
ByteSource passwordBytes = ByteSource.Util.bytes(submittedPasswordString); Hash hashedPassword = hashingPasswordService.hashPassword(passwordBytes);or, identically, when captured as a character array:
ByteSource passwordBytes = ByteSource.Util.bytes(submittedPasswordCharacterArray); Hash hashedPassword = hashingPasswordService.hashPassword(passwordBytes);
plaintext
- the raw password as 'byte-backed' object (String, character array, ByteSource
,
etc) usually acquired from your application's 'new user' or 'password reset' workflow.
IllegalArgumentException
- if the argument cannot be easily converted to bytes as defined by
ByteSource.Util#isCompatible(Object)
.ByteSource.Util#isCompatible(Object)
,
PasswordService.encryptPassword(Object)
boolean passwordsMatch(Object plaintext, Hash savedPasswordHash)
true
if the submittedPlaintext
password matches the existing savedPasswordHash
,
false
otherwise. Note that this method is only likely to be used in more complex environments that
save hashes in a custom manner. Most applications will find the
passwordsMatch(plaintext,string)
method
sufficient if encrypting passwords as Strings
.
submittedPlaintext
argument type can be any 'byte backed' Object
- almost always either a
String or character array representing passwords (character arrays are often a safer way to represent passwords
as they can be cleared/nulled-out after use. Any argument type supported by
ByteSource.Util#isCompatible(Object)
is valid.
plaintext
- a raw/plaintext password submitted by an end user/Subject.savedPasswordHash
- the previously hashed password known to be associated with an account.
This value is expected to have been previously generated from the
hashPassword
method (typically
when the account is created or the account's password is reset).
true
if the plaintext
password matches the existing savedPasswordHash
,
false
otherwise.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |