Package org.springframework.security.crypto.bcrypt

Class BCryptPasswordEncoder

java.lang.Object
org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
All Implemented Interfaces:
PasswordEncoder
public class BCryptPasswordEncoder extends Object implements PasswordEncoder
Implementation of PasswordEncoder that uses the BCrypt strong hashing function. Clients can optionally supply a "version" ($2a, $2b, $2y) and a "strength" (a.k.a. log rounds in BCrypt) and a SecureRandom instance. The larger the strength parameter the more work will have to be done (exponentially) to hash the passwords. The default value is 10.

  • Constructor Details

    • BCryptPasswordEncoder

      public BCryptPasswordEncoder()

    • BCryptPasswordEncoder

      public BCryptPasswordEncoder(int strength)
      Parameters:
      strength - the log rounds to use, between 4 and 31

    • BCryptPasswordEncoder

      public BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion version)
      Parameters:
      version - the version of bcrypt, can be 2a,2b,2y

    • BCryptPasswordEncoder

      public BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion version, SecureRandom random)
      Parameters:
      version - the version of bcrypt, can be 2a,2b,2y
      random - the secure random instance to use

    • BCryptPasswordEncoder

      public BCryptPasswordEncoder(int strength, SecureRandom random)
      Parameters:
      strength - the log rounds to use, between 4 and 31
      random - the secure random instance to use

    • BCryptPasswordEncoder

      public BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion version, int strength)
      Parameters:
      version - the version of bcrypt, can be 2a,2b,2y
      strength - the log rounds to use, between 4 and 31

    • BCryptPasswordEncoder

      public BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion version, int strength, SecureRandom random)
      Parameters:
      version - the version of bcrypt, can be 2a,2b,2y
      strength - the log rounds to use, between 4 and 31
      random - the secure random instance to use

  • Method Details

    • encode

      public String encode(CharSequence rawPassword)
      Description copied from interface: PasswordEncoder
      Encode the raw password. Generally, a good encoding algorithm applies a SHA-1 or greater hash combined with an 8-byte or greater randomly generated salt.
      Specified by:
      encode in interface PasswordEncoder

    • matches

      public boolean matches(CharSequence rawPassword, String encodedPassword)
      Description copied from interface: PasswordEncoder
      Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded. Returns true if the passwords match, false if they do not. The stored password itself is never decoded.
      Specified by:
      matches in interface PasswordEncoder
      Parameters:
      rawPassword - the raw password to encode and match
      encodedPassword - the encoded password from storage to compare with
      Returns:
      true if the raw password, after encoding, matches the encoded password from storage

    • upgradeEncoding

      public boolean upgradeEncoding(String encodedPassword)
      Description copied from interface: PasswordEncoder
      Returns true if the encoded password should be encoded again for better security, else false. The default implementation always returns false.
      Specified by:
      upgradeEncoding in interface PasswordEncoder
      Parameters:
      encodedPassword - the encoded password to check
      Returns:
      true if the encoded password should be encoded again for better security, else false.