public final class StandardPasswordEncoder extends Object implements PasswordEncoder
A PasswordEncoder implementation that uses SHA-256 hashing with 1024 iterations and a random 8-byte salt value. It uses an additional system-wide secret value to provide additional protection.
The digest algorithm is invoked on the concatenated bytes of the salt, secret and password.
If you are developing a new system, BCryptPasswordEncoder is a better choice both in terms of security and interoperability with other languages.
Constructor and Description |
---|
StandardPasswordEncoder(): Constructs a standard password encoder with no additional secret value. |
StandardPasswordEncoder(CharSequence secret): Constructs a standard password encoder with a secret value which is also included in the password hash. |
Modifier and Type | Method and Description |
---|---|
String | encode(CharSequence rawPassword): Encode the raw password. |
boolean | matches(CharSequence rawPassword, String encodedPassword): Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded. |
public StandardPasswordEncoder()

public StandardPasswordEncoder(CharSequence secret)
secret - the secret key used in the encoding process (should not be shared)

public String encode(CharSequence rawPassword)
encode in interface PasswordEncoder

public boolean matches(CharSequence rawPassword, String encodedPassword)
matches in interface PasswordEncoder
rawPassword - the raw password to encode and match
encodedPassword - the encoded password from storage to compare with