org.springframework.security.authentication.encoding

Class MessageDigestPasswordEncoder

java.lang.Object

org.springframework.security.authentication.encoding.BasePasswordEncoder

org.springframework.security.authentication.encoding.BaseDigestPasswordEncoder

org.springframework.security.authentication.encoding.MessageDigestPasswordEncoder

All Implemented Interfaces:

PasswordEncoder

Direct Known Subclasses:

Md5PasswordEncoder, ShaPasswordEncoder

public class MessageDigestPasswordEncoder
extends BaseDigestPasswordEncoder

Base for digest password encoders.

This class can be used stand-alone, or one of the subclasses can be used for compatiblity and convenience. When using this class directly you must specify a Message Digest Algorithm to use as a constructor arg.

The encoded password hash is normally returned as Hex (32 char) version of the hash bytes. Setting the encodeHashAsBase64 property to true will cause the encoded pass to be returned as Base64 text, which will consume 24 characters. See BaseDigestPasswordEncoder.setEncodeHashAsBase64(boolean)

This PasswordEncoder can be used directly as in the following example:

 <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.MessageDigestPasswordEncoder">
     <constructor-arg value="MD5"/>
 </bean>
 

If desired, the iterations property can be set to enable "password stretching" for the digest calculation.

Since:

1.0.1

Constructor Summary

Constructors

Constructor and Description
MessageDigestPasswordEncoder(java.lang.String algorithm) The digest algorithm to use Supports the named Message Digest Algorithms in the Java environment.
MessageDigestPasswordEncoder(java.lang.String algorithm, boolean encodeHashAsBase64) Convenience constructor for specifying the algorithm and whether or not to enable base64 encoding

Method Summary

Modifier and Type	Method and Description
java.lang.String	encodePassword(java.lang.String rawPass, java.lang.Object salt) Encodes the rawPass using a MessageDigest.
java.lang.String	getAlgorithm()
protected java.security.MessageDigest	getMessageDigest() Get a MessageDigest instance for the given algorithm.
boolean	isPasswordValid(java.lang.String encPass, java.lang.String rawPass, java.lang.Object salt) Takes a previously encoded password and compares it with a rawpassword after mixing in the salt and encoding that value
void	setIterations(int iterations) Sets the number of iterations for which the calculated hash value should be "stretched".

Methods inherited from class org.springframework.security.authentication.encoding.BaseDigestPasswordEncoder

getEncodeHashAsBase64, setEncodeHashAsBase64

Methods inherited from class org.springframework.security.authentication.encoding.BasePasswordEncoder

demergePasswordAndSalt, mergePasswordAndSalt

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

MessageDigestPasswordEncoder

public MessageDigestPasswordEncoder(java.lang.String algorithm)

The digest algorithm to use Supports the named Message Digest Algorithms in the Java environment.

Parameters:

algorithm -

MessageDigestPasswordEncoder

public MessageDigestPasswordEncoder(java.lang.String algorithm,
                                    boolean encodeHashAsBase64)
                             throws java.lang.IllegalArgumentException

Convenience constructor for specifying the algorithm and whether or not to enable base64 encoding

Parameters:

algorithm -

encodeHashAsBase64 -

Throws:

java.lang.IllegalArgumentException - if an unknown

Method Detail

encodePassword

public java.lang.String encodePassword(java.lang.String rawPass,
                                       java.lang.Object salt)

Encodes the rawPass using a MessageDigest. If a salt is specified it will be merged with the password before encoding.

Parameters:

rawPass - The plain text password

salt - The salt to sprinkle

Returns:

Hex string of password digest (or base64 encoded string if encodeHashAsBase64 is enabled.

getMessageDigest

protected final java.security.MessageDigest getMessageDigest()
                                                      throws java.lang.IllegalArgumentException

Get a MessageDigest instance for the given algorithm. Throws an IllegalArgumentException if algorithm is unknown

Returns:

MessageDigest instance

Throws:

java.lang.IllegalArgumentException - if NoSuchAlgorithmException is thrown

isPasswordValid

public boolean isPasswordValid(java.lang.String encPass,
                               java.lang.String rawPass,
                               java.lang.Object salt)

Takes a previously encoded password and compares it with a rawpassword after mixing in the salt and encoding that value

Parameters:

encPass - previously encoded password

rawPass - plain text password

salt - salt to mix into password

Returns:

true or false

getAlgorithm

public java.lang.String getAlgorithm()

setIterations

public void setIterations(int iterations)

Sets the number of iterations for which the calculated hash value should be "stretched". If this is greater than one, the initial digest is calculated, the digest function will be called repeatedly on the result for the additional number of iterations.

Parameters:

iterations - the number of iterations which will be executed on the hashed password/salt value. Defaults to 1.