public class LdapShaPasswordEncoder extends java.lang.Object implements PasswordEncoder
ShaPasswordEncoder
which supports Ldap SHA and SSHA (salted-SHA)
encodings. The values are base-64 encoded and have the label "{SHA}" (or "{SSHA}")
prepended to the encoded hash. These can be made lower-case in the encoded password, if
required, by setting the forceLowerCasePrefix property to true.
Also supports plain text passwords, so can safely be used in cases when both encoded
and non-encoded passwords are in use or when a null implementation is required.Constructor and Description |
---|
LdapShaPasswordEncoder() |
Modifier and Type | Method and Description |
---|---|
java.lang.String |
encodePassword(java.lang.String rawPass,
java.lang.Object salt)
Calculates the hash of password (and salt bytes, if supplied) and returns a base64
encoded concatenation of the hash and salt, prefixed with {SHA} (or {SSHA} if salt
was used).
|
boolean |
isPasswordValid(java.lang.String encPass,
java.lang.String rawPass,
java.lang.Object salt)
Checks the validity of an unencoded password against an encoded one in the form
"{SSHA}sQuQF8vj8Eg2Y1hPdh3bkQhCKQBgjhQI".
|
void |
setForceLowerCasePrefix(boolean forceLowerCasePrefix) |
public java.lang.String encodePassword(java.lang.String rawPass, java.lang.Object salt)
encodePassword
in interface PasswordEncoder
rawPass
- the password to be encoded.salt
- the salt. Must be a byte array or null.public boolean isPasswordValid(java.lang.String encPass, java.lang.String rawPass, java.lang.Object salt)
isPasswordValid
in interface PasswordEncoder
encPass
- the actual SSHA or SHA encoded passwordrawPass
- unencoded password to be verified.salt
- ignored. If the format is SSHA the salt bytes will be extracted from
the encoded password.public void setForceLowerCasePrefix(boolean forceLowerCasePrefix)