public class Pbkdf2PasswordEncoder extends Object implements PasswordEncoder
PasswordEncoder
implementation that uses PBKDF2 with a configurable number of
iterations and a random 8-byte random salt value.
The width of the output hash can also be configured.
The algorithm is invoked on the concatenated bytes of the salt, secret and password.
Modifier and Type | Class and Description |
---|---|
static class |
Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm
The Algorithm used for creating the
SecretKeyFactory |
Constructor and Description |
---|
Pbkdf2PasswordEncoder()
Constructs a PBKDF2 password encoder with no additional secret value.
|
Pbkdf2PasswordEncoder(CharSequence secret)
Constructs a standard password encoder with a secret value which is also included
in the password hash.
|
Pbkdf2PasswordEncoder(CharSequence secret,
int iterations,
int hashWidth)
Constructs a standard password encoder with a secret value as well as iterations
and hash.
|
Modifier and Type | Method and Description |
---|---|
String |
encode(CharSequence rawPassword)
Encode the raw password.
|
boolean |
matches(CharSequence rawPassword,
String encodedPassword)
Verify the encoded password obtained from storage matches the submitted raw
password after it too is encoded.
|
void |
setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm secretKeyFactoryAlgorithm)
Sets the algorithm to use.
|
void |
setEncodeHashAsBase64(boolean encodeHashAsBase64)
Sets if the resulting hash should be encoded as Base64.
|
public Pbkdf2PasswordEncoder()
public Pbkdf2PasswordEncoder(CharSequence secret)
secret
- the secret key used in the encoding process (should not be shared)public Pbkdf2PasswordEncoder(CharSequence secret, int iterations, int hashWidth)
secret
- the secretiterations
- the number of iterations. Users should aim for taking about .5
seconds on their own system.hashWidth
- the size of the hashpublic void setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm secretKeyFactoryAlgorithm)
secretKeyFactoryAlgorithm
- the algorithm to use (i.e.
SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1
,
SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256
,
SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA512
)public void setEncodeHashAsBase64(boolean encodeHashAsBase64)
encodeHashAsBase64
- true if encode as Base64, false if should use Hex
(default)public String encode(CharSequence rawPassword)
PasswordEncoder
encode
in interface PasswordEncoder
public boolean matches(CharSequence rawPassword, String encodedPassword)
PasswordEncoder
matches
in interface PasswordEncoder
rawPassword
- the raw password to encode and matchencodedPassword
- the encoded password from storage to compare with