Interface PasswordEncoder
-
- All Known Implementing Classes:
AbstractPasswordEncoder
,Argon2PasswordEncoder
,BCryptPasswordEncoder
,DelegatingPasswordEncoder
,LdapShaPasswordEncoder
,Md4PasswordEncoder
,MessageDigestPasswordEncoder
,NoOpPasswordEncoder
,Pbkdf2PasswordEncoder
,SCryptPasswordEncoder
,StandardPasswordEncoder
public interface PasswordEncoder
Service interface for encoding passwords. The preferred implementation isBCryptPasswordEncoder
.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description java.lang.String
encode(java.lang.CharSequence rawPassword)
Encode the raw password.boolean
matches(java.lang.CharSequence rawPassword, java.lang.String encodedPassword)
Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded.default boolean
upgradeEncoding(java.lang.String encodedPassword)
Returns true if the encoded password should be encoded again for better security, else false.
-
-
-
Method Detail
-
encode
java.lang.String encode(java.lang.CharSequence rawPassword)
Encode the raw password. Generally, a good encoding algorithm applies a SHA-1 or greater hash combined with an 8-byte or greater randomly generated salt.
-
matches
boolean matches(java.lang.CharSequence rawPassword, java.lang.String encodedPassword)
Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded. Returns true if the passwords match, false if they do not. The stored password itself is never decoded.- Parameters:
rawPassword
- the raw password to encode and matchencodedPassword
- the encoded password from storage to compare with- Returns:
- true if the raw password, after encoding, matches the encoded password from storage
-
upgradeEncoding
default boolean upgradeEncoding(java.lang.String encodedPassword)
Returns true if the encoded password should be encoded again for better security, else false. The default implementation always returns false.- Parameters:
encodedPassword
- the encoded password to check- Returns:
- true if the encoded password should be encoded again for better security, else false.
-
-