Package org.alfresco.repo.security.authentication

Class CompositePasswordEncoder

java.lang.Object
org.alfresco.repo.security.authentication.CompositePasswordEncoder
public class CompositePasswordEncoder extends Object
A configurable password encoding that delegates the encoding to a Map of configured encoders.
Author:
Gethin James

  • Field Details

  • Constructor Details

    • CompositePasswordEncoder

      public CompositePasswordEncoder()

  • Method Details

    • getPreferredEncoding

      public String getPreferredEncoding()

    • setPreferredEncoding

      public void setPreferredEncoding(String preferredEncoding)

    • setEncoders

      public void setEncoders(Map<String,Object> encoders)

    • lastEncodingIsPreferred

      public boolean lastEncodingIsPreferred(List<String> hashIndicator)
      Is the preferred encoding the last encoding to be used.
      Parameters:
      hashIndicator - representing the encoding
      Returns:
      true if is correct

    • isSafeToEncodeChain

      public boolean isSafeToEncodeChain(List<String> encodingChain)
      Determines if its safe to encode the encoding chain. This applies particularly to double-hashing. BCRYPT uses its own internal salt so its NOT safe to use it more than once in an encoding chain (because the result will be different each time.) BCRYPT CAN BE USED successfully as the last element in an encoding chain. Anything that implements springframework PasswordEncoder is considered "unsafe" (because the method takes no salt param).
      Parameters:
      encodingChain - mandatory encoding chain
      Returns:
      true if it is okay to encode this chain.

    • init

      public void init()
      Basic init method for checking mandatory properties

    • encodePassword

      public String encodePassword(String rawPassword, Object salt, List<String> encodingChain)
      Encode a password
      Parameters:
      rawPassword - mandatory password
      salt - optional salt
      encodingChain - mandatory encoding chain
      Returns:
      the encoded password

    • encodePreferred

      public String encodePreferred(String rawPassword, Object salt)
      Encodes a password in the preferred encoding.
      Parameters:
      rawPassword - mandatory password
      salt - optional salt
      Returns:
      Encoded password

    • encode

      protected String encode(String encoderKey, String rawPassword, Object salt)
      Encode a password using the specified encoderKey
      Parameters:
      encoderKey - the encoder to use
      rawPassword - mandatory password
      salt - optional salt
      Returns:
      the encoded password

    • matchesPassword

      public boolean matchesPassword(String rawPassword, String encodedPassword, Object salt, List<String> encodingChain)
      Does the password match?
      Parameters:
      rawPassword - mandatory password
      encodedPassword - mandatory hashed version
      salt - optional salt
      encodingChain - mandatory encoding chain
      Returns:
      true if they match

    • matches

      protected boolean matches(String encoderKey, String rawPassword, String encodedPassword, Object salt)
      Does the password match?
      Parameters:
      encoderKey - the encoder to use
      rawPassword - mandatory password
      encodedPassword - mandatory hashed version
      salt - optional salt
      Returns:
      true if they match