org.acegisecurity.providers.encoding.BasePasswordEncoder
org.acegisecurity.providers.encoding.BaseDigestPasswordEncoder
org.acegisecurity.providers.encoding.Md5PasswordEncoder
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
public class Md5PasswordEncoder
MD5 implementation of PasswordEncoder.
If a null password is presented, it will be treated as an empty
String ("") password.
As MD5 is a one-way hash, the salt can contain any characters.
| Constructor Summary | |
|---|---|
Md5PasswordEncoder()
|
|
| Method Summary | |
|---|---|
String |
encodePassword(String rawPass,
Object salt)
Encodes the specified raw password with an implementation specific algorithm. |
boolean |
isPasswordValid(String encPass,
String rawPass,
Object salt)
Validates a specified "raw" password against an encoded password. |
| Methods inherited from class org.acegisecurity.providers.encoding.BaseDigestPasswordEncoder |
|---|
getEncodeHashAsBase64, setEncodeHashAsBase64 |
| Methods inherited from class org.acegisecurity.providers.encoding.BasePasswordEncoder |
|---|
demergePasswordAndSalt, mergePasswordAndSalt |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
public Md5PasswordEncoder()
| Method Detail |
|---|
public boolean isPasswordValid(String encPass,
String rawPass,
Object salt)
PasswordEncoderValidates a specified "raw" password against an encoded password.
The encoded password should have previously been generated by PasswordEncoder.encodePassword(String, Object). This method will encode the
rawPass (using the optional salt), and then
compared it with the presented encPass.
For a discussion of salts, please refer to PasswordEncoder.encodePassword(String, Object).
isPasswordValid in interface PasswordEncoderencPass - a pre-encoded passwordrawPass - a raw password to encode and compare against the
pre-encoded passwordsalt - optionally used by the implementation to "salt" the raw
password before encoding. A null value is legal.
public String encodePassword(String rawPass,
Object salt)
PasswordEncoderEncodes the specified raw password with an implementation specific algorithm.
This will generally be a one-way message digest such as MD5 or SHA, but may also be a plaintext variant which does no encoding at all, but rather returns the same password it was fed. The latter is useful to plug in when the original password must be stored as-is.
The specified salt will potentially be used by the implementation to "salt" the initial value before encoding. A salt is usually a user-specific value which is added to the password before the digest is computed. This means that computation of digests for common dictionary words will be different than those in the backend store, because the dictionary word digests will not reflect the addition of the salt. If a per-user salt is used (rather than a system-wide salt), it also means users with the same password will have different digest encoded passwords in the backend store.
If a salt value is provided, the same salt value must be use when
calling the PasswordEncoder.isPasswordValid(String, String, Object) method.
Note that a specific implementation may choose to ignore the salt value
(via null), or provide its own.
encodePassword in interface PasswordEncoderrawPass - the password to encodesalt - optionally used by the implementation to "salt" the raw
password before encoding. A null value is legal.
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||