org.springframework.security.authentication.encoding

Class BasePasswordEncoder

java.lang.Object

org.springframework.security.authentication.encoding.BasePasswordEncoder

All Implemented Interfaces:

PasswordEncoder

Direct Known Subclasses:

BaseDigestPasswordEncoder, PlaintextPasswordEncoder

public abstract class BasePasswordEncoder
extends Object
implements PasswordEncoder

Convenience base for all password encoders.

Constructor Summary

Constructors

Constructor and Description
BasePasswordEncoder()

Method Summary

Methods

Modifier and Type	Method and Description
protected String[]	demergePasswordAndSalt(String mergedPasswordSalt) Used by subclasses to extract the password and salt from a merged String created using mergePasswordAndSalt(String,Object,boolean).
protected String	mergePasswordAndSalt(String password, Object salt, boolean strict) Used by subclasses to generate a merged password and salt String.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.authentication.encoding.PasswordEncoder

encodePassword, isPasswordValid

Constructor Detail

BasePasswordEncoder

public BasePasswordEncoder()

Method Detail

demergePasswordAndSalt

protected String[] demergePasswordAndSalt(String mergedPasswordSalt)

Used by subclasses to extract the password and salt from a merged String created using mergePasswordAndSalt(String,Object,boolean).

The first element in the returned array is the password. The second element is the salt. The salt array element will always be present, even if no salt was found in the mergedPasswordSalt argument.

Parameters:

mergedPasswordSalt - as generated by mergePasswordAndSalt

Returns:

an array, in which the first element is the password and the second the salt

Throws:

IllegalArgumentException - if mergedPasswordSalt is null or empty.

mergePasswordAndSalt

protected String mergePasswordAndSalt(String password,
                          Object salt,
                          boolean strict)

Used by subclasses to generate a merged password and salt String.

The generated password will be in the form of password{salt}.

A null can be passed to either method, and will be handled correctly. If the salt is null or empty, the resulting generated password will simply be the passed password. The toString method of the salt will be used to represent the salt.

Parameters:

password - the password to be used (can be null)

salt - the salt to be used (can be null)

strict - ensures salt doesn't contain the delimiters

Returns:

a merged password and salt String

Throws:

IllegalArgumentException - if the salt contains '{' or '}' characters.