
1   /* Copyright 2004 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.providers.encoding;
17  
18  /***
19   * <p>
20   * Plaintext implementation of PasswordEncoder.
21   * </p>
22   * 
23   * <P>
24   * As callers may wish to extract the password and salts separately from the
25   * encoded password, the salt must not contain reserved characters
26   * (specifically '{' and '}').
27   * </p>
28   *
29   * @author colin sampaleanu
30   * @author Ben Alex
31   * @version $Id: PlaintextPasswordEncoder.java,v 1.4 2005/11/17 00:55:49 benalex Exp $
32   */
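public class PlaintextPasswordEncoder extends BasePasswordEncoder {
    //~ Instance fields ========================================================

    // When true, isPasswordValid compares with equalsIgnoreCase instead of equals.
    private boolean ignorePasswordCase = false;

    //~ Methods ================================================================

    /**
     * Indicates whether the password comparison is case sensitive.
     *
     * <p>
     * Defaults to <code>false</code>, meaning an exact case match is required.
     * When set to <code>true</code>, every case variant of a password is
     * accepted, which lowers the effective strength of each password.
     * </p>
     *
     * @param ignorePasswordCase set to <code>true</code> for less stringent
     *        comparison
     */
    public void setIgnorePasswordCase(boolean ignorePasswordCase) {
        this.ignorePasswordCase = ignorePasswordCase;
    }

    /**
     * Reports whether password comparison ignores case.
     *
     * @return <code>true</code> if case is ignored, <code>false</code> (the
     *         default) if an exact case match is required
     */
    public boolean isIgnorePasswordCase() {
        return ignorePasswordCase;
    }

    /**
     * Checks a presented password against the stored value.
     *
     * <p>
     * The presented password is merged with the salt and compared to
     * <code>encPass</code>, either exactly or ignoring case depending on
     * {@link #isIgnorePasswordCase()}.
     * </p>
     *
     * @param encPass the stored password; <code>null</code> never validates
     * @param rawPass the password presented by the caller
     * @param salt the salt to merge with <code>rawPass</code>
     *
     * @return <code>true</code> if the merged value matches
     *         <code>encPass</code>, <code>false</code> otherwise
     */
    public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
        // A missing stored password must never authenticate. Building the
        // left-hand side as encPass + "" would turn null into the literal
        // text "null" and compare the presented password against that.
        if (encPass == null) {
            return false;
        }

        // Strict delimiters is false because pass2 never persisted anywhere
        // and we want to avoid unnecessary exceptions as a result (the
        // authentication will fail as the encodePassword never allows them)
        String pass2 = mergePasswordAndSalt(rawPass, salt, false);

        // NOTE(review): String.equals and equalsIgnoreCase return at the
        // first mismatch, so the comparison is not constant-time. Confirm
        // whether callers expose this check in a way where timing matters.
        if (ignorePasswordCase) {
            return encPass.equalsIgnoreCase(pass2);
        }

        return encPass.equals(pass2);
    }

    /**
     * Produces the value to store for a password by merging it with the salt,
     * with strict delimiter checking enabled.
     *
     * <p>
     * As the class documentation states, this is a plaintext encoder: no
     * hashing is applied here, so anyone able to read the credential store
     * can read the passwords it holds.
     * </p>
     *
     * @param rawPass the password to store
     * @param salt the salt to merge with the password
     *
     * @return the merged password and salt
     */
    public String encodePassword(String rawPass, Object salt) {
        return mergePasswordAndSalt(rawPass, salt, true);
    }

    /**
     * Splits a <code>String</code> previously returned by {@link
     * #encodePassword(String, Object)} back into its parts.
     *
     * <p>
     * The resulting array is guaranteed to always contain two elements. The
     * first is the password, and the second is the salt.
     * </p>
     *
     * <p>
     * Throws an exception if <code>null</code> or an empty <code>String</code>
     * is passed to the method.
     * </p>
     *
     * @param password from {@link #encodePassword(String, Object)}
     *
     * @return an array containing the password and salt
     */
    public String[] obtainPasswordAndSalt(String password) {
        return demergePasswordAndSalt(password);
    }
}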