DelegatingPasswordEncoder, which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.

@Deprecated public class MessageDigestPasswordEncoder extends Object implements PasswordEncoder
This PasswordEncoder is provided for legacy purposes only and is not considered secure.

Encodes passwords using the passed-in MessageDigest.
The general format of the password is:

```java
s = salt == null ? "" : "{" + salt + "}"
s + digest(password + s)
```

where salt is the salt, digest is the digest method, and password is the actual password. For example, when using MD5, a password of "password", and a salt of "thisissalt":

```java
String s = salt == null ? "" : "{" + salt + "}";
s + md5(password + s)
"{thisissalt}" + md5(password + "{thisissalt}")
"{thisissalt}2a4e7104c2780098f50ed5a84bb2323d"
```

If the salt does not exist, then omit "{salt}" like this:

```java
digest(password)
```

If the salt is an empty String, then only use "{}" like this:

```java
"{}" + digest(password + "{}")
```

The format is intended to work with the DigestPasswordEncoder that was found in the Spring Security core module. However, the passwords will need to be migrated to include any salt with the password, since this API generates the salt internally instead of making it the responsibility of the user. To migrate passwords from the SaltSource, use the following:

```java
String salt = saltSource.getSalt(user);
// A null salt means "no salt": the prefix must be "" (not null), otherwise the
// migrated value would start with the literal text "null"
String s = salt == null ? "" : "{" + salt + "}";
String migratedPassword = s + user.getPassword();
```
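The format described above, reimplemented in Python as an added example (not Spring Security's own code) so that a stored legacy hash can be produced or checked offline, for instance when auditing which rows still need migrating to DelegatingPasswordEncoder. It assumes UTF-8 encoding of password + s, lowercase hex output unless Base64 is requested, hashlib algorithm names ("md5", "sha256"), and that each extra iteration re-digests the raw digest bytes; the salt-less and empty-salt branches follow the rules stated above.

```python
import base64
import hashlib
import hmac
from typing import Optional


def _salt_prefix(salt: Optional[str]) -> str:
    # salt == null -> omit "{salt}" entirely; "" -> "{}" (the empty-salt rule above)
    return "" if salt is None else "{" + salt + "}"


def _digest(data: bytes, algorithm: str, iterations: int) -> bytes:
    # Assumed meaning of setIterations: re-digest the raw digest bytes each round.
    # algorithm uses hashlib names ("md5", "sha256"), not Java names ("SHA-256").
    if iterations < 1:
        raise ValueError("iterations must be greater than zero")
    for _ in range(iterations):
        data = hashlib.new(algorithm, data).digest()
    return data


def legacy_encode(password: str, salt: Optional[str], algorithm: str = "md5",
                  iterations: int = 1, base64_output: bool = False) -> str:
    """Return s + digest(password + s), where s is "" or "{salt}"."""
    s = _salt_prefix(salt)
    raw = _digest((password + s).encode("utf-8"), algorithm, iterations)
    encoded = base64.b64encode(raw).decode("ascii") if base64_output else raw.hex()
    return s + encoded


def legacy_matches(password: str, encoded: str, algorithm: str = "md5",
                   iterations: int = 1, base64_output: bool = False) -> bool:
    """Recover the salt from a leading "{...}", re-encode and compare in constant time."""
    salt: Optional[str] = None
    if encoded.startswith("{"):
        end = encoded.find("}")
        if end < 0:
            return False  # malformed prefix: never accept
        salt = encoded[1:end]
    candidate = legacy_encode(password, salt, algorithm, iterations, base64_output)
    return hmac.compare_digest(candidate.encode("utf-8"), encoded.encode("utf-8"))


def migrate_from_salt_source(salt: Optional[str], stored_digest: str) -> str:
    """Fold a SaltSource salt into an old DigestPasswordEncoder hash (the migration above)."""
    return _salt_prefix(salt) + stored_digest
```

legacy_encode("password", "thisissalt") yields "{thisissalt}" followed by the hex MD5 of password + "{thisissalt}", the Javadoc's worked case.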
| Constructor and Description |
|---|
| MessageDigestPasswordEncoder(String algorithm) Deprecated. The digest algorithm to use. Supports the named Message Digest Algorithms in the Java environment. |

| Modifier and Type | Method and Description |
|---|---|
| String | encode(CharSequence rawPassword) Deprecated. Encodes the rawPassword using a MessageDigest. |
| boolean | matches(CharSequence rawPassword, String encodedPassword) Deprecated. Takes a previously encoded password and compares it with a raw password after mixing in the salt and encoding that value. |
| void | setEncodeHashAsBase64(boolean encodeHashAsBase64) Deprecated. |
| void | setIterations(int iterations) Deprecated. Sets the number of iterations for which the calculated hash value should be "stretched". |
public MessageDigestPasswordEncoder(String algorithm)

Parameters: algorithm

public void setEncodeHashAsBase64(boolean encodeHashAsBase64)

public String encode(CharSequence rawPassword)

Specified by: encode in interface PasswordEncoder

Parameters: rawPassword - the plain text password

public boolean matches(CharSequence rawPassword, String encodedPassword)

Specified by: matches in interface PasswordEncoder

Parameters: rawPassword - plain text password; encodedPassword - previously encoded password

public void setIterations(int iterations)

Parameters: iterations - the number of iterations which will be executed on the hashed password/salt value. Defaults to 1.