Class BCryptPasswordEncoder

  • All Implemented Interfaces:
    PasswordEncoder

    public class BCryptPasswordEncoder
    extends java.lang.Object
    implements PasswordEncoder
    Implementation of PasswordEncoder that uses the BCrypt strong hashing function. Clients can optionally supply a "version" ($2a, $2b, $2y), a "strength" (a.k.a. log rounds in BCrypt) and a SecureRandom instance. The larger the strength parameter, the more work (exponentially more) has to be done to hash the passwords. The default strength is 10.
    • Constructor Detail

      • BCryptPasswordEncoder

        public BCryptPasswordEncoder()
      • BCryptPasswordEncoder

        public BCryptPasswordEncoder(int strength)
        Parameters:
        strength - the log rounds to use, between 4 and 31
      • BCryptPasswordEncoder

        public BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion version,
                                     java.security.SecureRandom random)
        Parameters:
        version - the version of bcrypt, can be 2a, 2b, 2y
        random - the secure random instance to use
      • BCryptPasswordEncoder

        public BCryptPasswordEncoder(int strength,
                                     java.security.SecureRandom random)
        Parameters:
        strength - the log rounds to use, between 4 and 31
        random - the secure random instance to use
      • BCryptPasswordEncoder

        public BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion version,
                                     int strength)
        Parameters:
        version - the version of bcrypt, can be 2a, 2b, 2y
        strength - the log rounds to use, between 4 and 31
      • BCryptPasswordEncoder

        public BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion version,
                                     int strength,
                                     java.security.SecureRandom random)
        Parameters:
        version - the version of bcrypt, can be 2a, 2b, 2y
        strength - the log rounds to use, between 4 and 31
        random - the secure random instance to use
    • Method Detail

      • encode

        public java.lang.String encode(java.lang.CharSequence rawPassword)
        Description copied from interface: PasswordEncoder
        Encode the raw password. Generally, a good encoding algorithm applies a SHA-1 or greater hash combined with an 8-byte or greater randomly generated salt.
        Specified by:
        encode in interface PasswordEncoder
      • matches

        public boolean matches(java.lang.CharSequence rawPassword,
                               java.lang.String encodedPassword)
        Description copied from interface: PasswordEncoder
        Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded. Returns true if the passwords match, false if they do not. The stored password itself is never decoded.
        Specified by:
        matches in interface PasswordEncoder
        Parameters:
        rawPassword - the raw password to encode and match
        encodedPassword - the encoded password from storage to compare with
        Returns:
        true if the raw password, after encoding, matches the encoded password from storage
      • upgradeEncoding

        public boolean upgradeEncoding(java.lang.String encodedPassword)
        Description copied from interface: PasswordEncoder
        Returns true if the encoded password should be encoded again for better security, else false. The default implementation always returns false.
        Specified by:
        upgradeEncoding in interface PasswordEncoder
        Parameters:
        encodedPassword - the encoded password to check
        Returns:
        true if the encoded password should be encoded again for better security, else false.
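
Usage sketch tying the constructors and the three methods together in a login flow that re-hashes a stored password when upgradeEncoding asks for it. This is an added example, not code from the Spring Security documentation. The class name BcryptRehashExample, the in-memory store, the user names and the strength of 12 are assumptions chosen for illustration.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion;

public class BcryptRehashExample {
    // Constructed in-memory credential store (hypothetical stand-in for a database).
    static final Map<String, String> STORE = new HashMap<>();

    // Current policy (assumed values): version $2b, strength 12.
    static final BCryptPasswordEncoder CURRENT =
            new BCryptPasswordEncoder(BCryptVersion.$2B, 12, new SecureRandom());

    // Hash checked for unknown users so that path also runs bcrypt.
    static final String DUMMY = CURRENT.encode("constructed-dummy-value");

    /** Verifies a login and re-hashes the password if the encoder requests an upgrade. */
    static boolean login(String user, CharSequence rawPassword) {
        String stored = STORE.getOrDefault(user, DUMMY);
        boolean ok = CURRENT.matches(rawPassword, stored) && STORE.containsKey(user);
        // The raw password is only available at login, so upgrade here.
        if (ok && CURRENT.upgradeEncoding(stored)) {
            STORE.put(user, CURRENT.encode(rawPassword));
        }
        return ok;
    }

    public static void main(String[] args) {
        // Constructed legacy record hashed at the minimum strength, 4.
        STORE.put("alice", new BCryptPasswordEncoder(4).encode("correct horse"));
        String before = STORE.get("alice");

        System.out.println("wrong password:  " + login("alice", "wrong"));
        System.out.println("unknown user:    " + login("mallory", "x"));
        System.out.println("right password:  " + login("alice", "correct horse"));

        // The cost is the two digits after the version prefix, e.g. $2a$04$.
        System.out.println("stored before: " + before.substring(0, 7));
        System.out.println("stored after:  " + STORE.get("alice").substring(0, 7));

        // Time a few strengths on the target hardware before choosing one.
        for (int strength = 8; strength <= 12; strength++) {
            long start = System.nanoTime();
            new BCryptPasswordEncoder(strength).encode("timing sample");
            System.out.printf("strength %d: %d ms%n", strength, (System.nanoTime() - start) / 1_000_000);
        }
    }
}
```

Whether the stored hash is replaced depends on what upgradeEncoding returns for it, so compare the two printed prefixes to see the result on the Spring Security version in use.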