Package org.springframework.security.crypto.password

Interface PasswordEncoder

All Known Implementing Classes:
AbstractPasswordEncoder, AbstractValidatingPasswordEncoder, Argon2PasswordEncoder, BCryptPasswordEncoder, DelegatingPasswordEncoder, LdapShaPasswordEncoder, Md4PasswordEncoder, MessageDigestPasswordEncoder, NoOpPasswordEncoder, Pbkdf2PasswordEncoder, SCryptPasswordEncoder, StandardPasswordEncoder
public interface PasswordEncoder
Service interface for encoding passwords. The preferred implementation is BCryptPasswordEncoder.

  • Method Summary

    Modifier and Type
    Method
    Description
    @Nullable String
    encode(@Nullable CharSequence rawPassword)
    Encode the raw password.
    boolean
    matches(@Nullable CharSequence rawPassword, @Nullable String encodedPassword)
    Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded.
    default boolean
    upgradeEncoding(@Nullable String encodedPassword)
    Returns true if the encoded password should be encoded again for better security, else false.

  • Method Details

    • encode

      @Nullable String encode(@Nullable CharSequence rawPassword)
      Encode the raw password. Generally, a good encoding algorithm uses an adaptive one way function.
      Parameters:
      rawPassword - a password that has not been encoded. The value can be null in the event that the user has no password; in which case the result must be null.
      Returns:
      A non-null encoded password, unless the rawPassword was null in which case the result must be null.

    • matches

      boolean matches(@Nullable CharSequence rawPassword, @Nullable String encodedPassword)
      Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded. Returns true if the passwords match, false if they do not. The stored password itself is never decoded. Never true if either rawPassword or encodedPassword is null or an empty String.
      Parameters:
      rawPassword - the raw password to encode and match.
      encodedPassword - the encoded password from storage to compare with.
      Returns:
      true if the raw password, after encoding, matches the encoded password from storage.

    • upgradeEncoding

      default boolean upgradeEncoding(@Nullable String encodedPassword)
      Returns true if the encoded password should be encoded again for better security, else false. The default implementation always returns false.
      Parameters:
      encodedPassword - the encoded password to check. Possibly null if the user did not have a password.
      Returns:
      true if the encoded password should be encoded again for better security, else false. If encodedPassword is null (the user didn't have a password), then always false.