PlaintextPasswordEncoder xref

View Javadoc

1   /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.springframework.security.providers.encoding;
17  
18  /**
19   * <p>Plaintext implementation of PasswordEncoder.</p>
20   *  <P>As callers may wish to extract the password and salts separately from the encoded password, the salt must
21   * not contain reserved characters (specifically '{' and '}').</p>
22   *
23   * @author colin sampaleanu
24   * @author Ben Alex
25   * @version $Id: PlaintextPasswordEncoder.java 2217 2007-10-27 00:45:30Z luke_t $
26   */
27  public class PlaintextPasswordEncoder extends BasePasswordEncoder {
28      //~ Instance fields ================================================================================================
29  
30      private boolean ignorePasswordCase = false;
31  
32      //~ Methods ========================================================================================================
33  
34      public String encodePassword(String rawPass, Object salt) {
35          return mergePasswordAndSalt(rawPass, salt, true);
36      }
37  
38      public boolean isIgnorePasswordCase() {
39          return ignorePasswordCase;
40      }
41  
42      public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
43          String pass1 = encPass + "";
44  
45          // Strict delimiters is false because pass2 never persisted anywhere
46          // and we want to avoid unnecessary exceptions as a result (the
47          // authentication will fail as the encodePassword never allows them)
48          String pass2 = mergePasswordAndSalt(rawPass, salt, false);
49  
50          if (!ignorePasswordCase) {
51              return pass1.equals(pass2);
52          } else {
53              return pass1.equalsIgnoreCase(pass2);
54          }
55      }
56  
57      /**
58       * Demerges the previously {@link #encodePassword(String, Object)}<code>String</code>.<P>The resulting
59       * array is guaranteed to always contain two elements. The first is the password, and the second is the salt.</p>
60       *  <P>Throws an exception if <code>null</code> or an empty <code>String</code> is passed to the method.</p>
61       *
62       * @param password from {@link #encodePassword(String, Object)}
63       *
64       * @return an array containing the password and salt
65       */
66      public String[] obtainPasswordAndSalt(String password) {
67          return demergePasswordAndSalt(password);
68      }
69  
70      /**
71       * Indicates whether the password comparison is case sensitive.<P>Defaults to <code>false</code>, meaning
72       * an exact case match is required.</p>
73       *
74       * @param ignorePasswordCase set to <code>true</code> for less stringent comparison
75       */
76      public void setIgnorePasswordCase(boolean ignorePasswordCase) {
77          this.ignorePasswordCase = ignorePasswordCase;
78      }
79  }