Package org.alfresco.repo.security.authentication

Class MessageDigestPasswordEncoder

java.lang.Object
net.sf.acegisecurity.providers.encoding.BasePasswordEncoder
net.sf.acegisecurity.providers.encoding.BaseDigestPasswordEncoder
org.alfresco.repo.security.authentication.MessageDigestPasswordEncoder
All Implemented Interfaces:
net.sf.acegisecurity.providers.encoding.PasswordEncoder
Direct Known Subclasses:
ShaPasswordEncoderImpl
public class MessageDigestPasswordEncoder extends net.sf.acegisecurity.providers.encoding.BaseDigestPasswordEncoder
Base for digest password encoders.

This class can be used stand-alone, or one of the subclasses can be used for compatiblity and convenience. When using this class directly you must specify a Message Digest Algorithm to use as a constructor arg

The encoded password hash is normally returned as Hex (32 char) version of the hash bytes. Setting the encodeHashAsBase64 property to true will cause the encoded pass to be returned as Base64 text, which will consume 24 characters. See BaseDigestPasswordEncoder.setEncodeHashAsBase64(boolean)

This PasswordEncoder can be used directly as in the following example:

 <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.MessageDigestPasswordEncoder">
     <constructor-arg value="MD5"/>
 </bean>

  • Constructor Details

    • MessageDigestPasswordEncoder

      public MessageDigestPasswordEncoder(String algorithm)
      The digest algorithm to use Supports the named Message Digest Algorithms in the Java environment.
      Parameters:
      algorithm - String

    • MessageDigestPasswordEncoder

      public MessageDigestPasswordEncoder(String algorithm, boolean encodeHashAsBase64) throws IllegalArgumentException
      Convenience constructor for specifying the algorithm and whether or not to enable base64 encoding
      Parameters:
      algorithm - String
      encodeHashAsBase64 - boolean
      Throws:
      IllegalArgumentException - if an unknown

  • Method Details

    • encodePassword

      public String encodePassword(String rawPass, Object salt)
      Encodes the rawPass using a MessageDigest. If a salt is specified it will be merged with the password before encoding.
      Parameters:
      rawPass - The plain text password
      salt - The salt to sprinkle
      Returns:
      Hex string of password digest (or base64 encoded string if encodeHashAsBase64 is enabled.

    • getMessageDigest

      protected final MessageDigest getMessageDigest() throws IllegalArgumentException
      Get a MessageDigest instance for the given algorithm. Throws an IllegalArgumentException if algorithm is unknown
      Returns:
      MessageDigest instance
      Throws:
      IllegalArgumentException - if NoSuchAlgorithmException is thrown

    • isPasswordValid

      public boolean isPasswordValid(String encPass, String rawPass, Object salt)
      Takes a previously encoded password and compares it with a rawpassword after mixing in the salt and encoding that value
      Parameters:
      encPass - previously encoded password
      rawPass - plain text password
      salt - salt to mix into password
      Returns:
      true or false

    • getAlgorithm

      public String getAlgorithm()