Package org.appng.core.security
Class BCryptPasswordHandler
- java.lang.Object
-
- org.appng.core.security.BCryptPasswordHandler
-
- All Implemented Interfaces:
PasswordHandler
public class BCryptPasswordHandler extends Object implements PasswordHandler
Provides methods to hash and validate passwords usings the bcrypt algorithm.- Author:
- Matthias Herlitzius
- See Also:
- Provos, Niels; Talan Jason Sutton (1999). A Future-Adaptable Password Scheme, Spring Security Reference, jBCrypt JavaDoc
-
-
Constructor Summary
Constructors Constructor Description BCryptPasswordHandler(AuthSubject authSubject)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description voidapplyPassword(String password)Hashes and sets the password, clears the salt, sets the last changed date for the passwordStringcalculatePasswordResetDigest()Calculates, sets and returns a salted digest which can be used for the "Forgot password?" function.static StringgetPrefix()Returns the identifier of the bcrypt algorithm.booleanisValidPassword(String password)Checks whether the password is valid for the currentAuthSubject.booleanisValidPasswordResetDigest(String digest)Checks whether the digest is valid for the currentAuthSubject.voidmigrate(CoreService service, String password)Migrates passwords of the currentPasswordHandlerinstance to passwords handled byCoreService.getDefaultPasswordHandler(org.appng.api.model.AuthSubject).
-
-
-
Constructor Detail
-
BCryptPasswordHandler
public BCryptPasswordHandler(AuthSubject authSubject)
-
-
Method Detail
-
applyPassword
public void applyPassword(String password)
Description copied from interface:PasswordHandlerHashes and sets the password, clears the salt, sets the last changed date for the password- Specified by:
applyPasswordin interfacePasswordHandler- Parameters:
password- The cleartext password.- See Also:
AuthSubject.setDigest(String),AuthSubject.setSalt(String),AuthSubject.setPasswordLastChanged(java.util.Date)
-
isValidPassword
public boolean isValidPassword(String password)
Description copied from interface:PasswordHandlerChecks whether the password is valid for the currentAuthSubject.- Specified by:
isValidPasswordin interfacePasswordHandler- Parameters:
password- The cleartext password.- Returns:
trueif the password is valid, false if it is invalid.- See Also:
AuthSubject.getDigest()
-
calculatePasswordResetDigest
public String calculatePasswordResetDigest()
Description copied from interface:PasswordHandlerCalculates, sets and returns a salted digest which can be used for the "Forgot password?" function.- Specified by:
calculatePasswordResetDigestin interfacePasswordHandler- Returns:
- A digest.
- See Also:
AuthSubject.setSalt(String),PasswordHandler.isValidPasswordResetDigest(String)
-
isValidPasswordResetDigest
public boolean isValidPasswordResetDigest(String digest)
Description copied from interface:PasswordHandlerChecks whether the digest is valid for the currentAuthSubject.- Specified by:
isValidPasswordResetDigestin interfacePasswordHandler- Parameters:
digest- The digest.- Returns:
trueif the digest is valid, false if it is invalid.- See Also:
AuthSubject.getSalt(),PasswordHandler.calculatePasswordResetDigest()
-
migrate
public void migrate(CoreService service, String password)
Description copied from interface:PasswordHandlerMigrates passwords of the currentPasswordHandlerinstance to passwords handled byCoreService.getDefaultPasswordHandler(org.appng.api.model.AuthSubject).- Specified by:
migratein interfacePasswordHandler- Parameters:
service- Instance ofCoreServicepassword- The current password.
-
getPrefix
public static String getPrefix()
Returns the identifier of the bcrypt algorithm.- Returns:
- The version identifier / prefix common to all bcrypt hashes.
- See Also:
- A Future-Adaptable Password Scheme / Implementation
-
-