org.springframework.security.authentication.encoding
Class BasePasswordEncoder

java.lang.Object
  extended by org.springframework.security.authentication.encoding.BasePasswordEncoder
All Implemented Interfaces:
PasswordEncoder
Direct Known Subclasses:
BaseDigestPasswordEncoder, PlaintextPasswordEncoder

public abstract class BasePasswordEncoder
extends Object
implements PasswordEncoder

Convenience base for all password encoders.


Constructor Summary
BasePasswordEncoder()
           
 
Method Summary
protected  String[] demergePasswordAndSalt(String mergedPasswordSalt)
          Used by subclasses to extract the password and salt from a merged String created using mergePasswordAndSalt(String,Object,boolean).
protected  String mergePasswordAndSalt(String password, Object salt, boolean strict)
          Used by subclasses to generate a merged password and salt String.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.springframework.security.authentication.encoding.PasswordEncoder
encodePassword, isPasswordValid
 

Constructor Detail

BasePasswordEncoder

public BasePasswordEncoder()
Method Detail

demergePasswordAndSalt

protected String[] demergePasswordAndSalt(String mergedPasswordSalt)
Used by subclasses to extract the password and salt from a merged String created using mergePasswordAndSalt(String,Object,boolean).

The first element in the returned array is the password. The second element is the salt. The salt array element will always be present, even if no salt was found in the mergedPasswordSalt argument.

Parameters:
mergedPasswordSalt - as generated by mergePasswordAndSalt
Returns:
an array, in which the first element is the password and the second the salt
Throws:
IllegalArgumentException - if mergedPasswordSalt is null or empty.

mergePasswordAndSalt

protected String mergePasswordAndSalt(String password,
                                      Object salt,
                                      boolean strict)
Used by subclasses to generate a merged password and salt String.

The generated password will be in the form of password{salt}.

A null can be passed to either method, and will be handled correctly. If the salt is null or empty, the resulting generated password will simply be the passed password. The toString method of the salt will be used to represent the salt.

Parameters:
password - the password to be used (can be null)
salt - the salt to be used (can be null)
strict - ensures salt doesn't contain the delimiters
Returns:
a merged password and salt String
Throws:
IllegalArgumentException - if the salt contains '{' or '}' characters.