Class AbstractPasswordEncoder
- java.lang.Object
-
- org.springframework.security.crypto.password.AbstractPasswordEncoder
-
- All Implemented Interfaces:
PasswordEncoder
public abstract class AbstractPasswordEncoder extends java.lang.Object implements PasswordEncoder
Abstract base class for password encoders
-
-
Constructor Summary
Constructors Modifier Constructor Description protected
AbstractPasswordEncoder()
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description java.lang.String
encode(java.lang.CharSequence rawPassword)
Encode the raw password.protected abstract byte[]
encode(java.lang.CharSequence rawPassword, byte[] salt)
protected byte[]
encodeAndConcatenate(java.lang.CharSequence rawPassword, byte[] salt)
protected static boolean
matches(byte[] expected, byte[] actual)
Constant time comparison to prevent against timing attacks.boolean
matches(java.lang.CharSequence rawPassword, java.lang.String encodedPassword)
Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded.-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.springframework.security.crypto.password.PasswordEncoder
upgradeEncoding
-
-
-
-
Method Detail
-
encode
public java.lang.String encode(java.lang.CharSequence rawPassword)
Description copied from interface:PasswordEncoder
Encode the raw password. Generally, a good encoding algorithm applies a SHA-1 or greater hash combined with an 8-byte or greater randomly generated salt.- Specified by:
encode
in interfacePasswordEncoder
-
matches
public boolean matches(java.lang.CharSequence rawPassword, java.lang.String encodedPassword)
Description copied from interface:PasswordEncoder
Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded. Returns true if the passwords match, false if they do not. The stored password itself is never decoded.- Specified by:
matches
in interfacePasswordEncoder
- Parameters:
rawPassword
- the raw password to encode and matchencodedPassword
- the encoded password from storage to compare with- Returns:
- true if the raw password, after encoding, matches the encoded password from storage
-
encode
protected abstract byte[] encode(java.lang.CharSequence rawPassword, byte[] salt)
-
encodeAndConcatenate
protected byte[] encodeAndConcatenate(java.lang.CharSequence rawPassword, byte[] salt)
-
matches
protected static boolean matches(byte[] expected, byte[] actual)
Constant time comparison to prevent against timing attacks.
-
-