Package org.appng.core.security
Class BCryptPasswordHandler
- java.lang.Object
-
- org.appng.core.security.BCryptPasswordHandler
-
- All Implemented Interfaces:
PasswordHandler
public class BCryptPasswordHandler extends Object implements PasswordHandler
Provides methods to hash and validate passwords usings the bcrypt algorithm.- Author:
- Matthias Herlitzius
- See Also:
- Provos, Niels; Talan Jason Sutton (1999). A Future-Adaptable Password Scheme, Spring Security Reference, jBCrypt JavaDoc
-
-
Constructor Summary
Constructors Constructor Description BCryptPasswordHandler(AuthSubject authSubject)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description void
applyPassword(String password)
Hashes and sets the password, clears the salt, sets the last changed date for the passwordString
calculatePasswordResetDigest()
Calculates, sets and returns a salted digest which can be used for the "Forgot password?" function.static String
getPrefix()
Returns the identifier of the bcrypt algorithm.boolean
isValidPassword(String password)
Checks whether the password is valid for the currentAuthSubject
.boolean
isValidPasswordResetDigest(String digest)
Checks whether the digest is valid for the currentAuthSubject
.void
migrate(CoreService service, String password)
Migrates passwords of the currentPasswordHandler
instance to passwords handled byCoreService.getDefaultPasswordHandler(org.appng.api.model.AuthSubject)
.
-
-
-
Constructor Detail
-
BCryptPasswordHandler
public BCryptPasswordHandler(AuthSubject authSubject)
-
-
Method Detail
-
applyPassword
public void applyPassword(String password)
Description copied from interface:PasswordHandler
Hashes and sets the password, clears the salt, sets the last changed date for the password- Specified by:
applyPassword
in interfacePasswordHandler
- Parameters:
password
- The cleartext password.- See Also:
AuthSubject.setDigest(String)
,AuthSubject.setSalt(String)
,AuthSubject.setPasswordLastChanged(java.util.Date)
-
isValidPassword
public boolean isValidPassword(String password)
Description copied from interface:PasswordHandler
Checks whether the password is valid for the currentAuthSubject
.- Specified by:
isValidPassword
in interfacePasswordHandler
- Parameters:
password
- The cleartext password.- Returns:
true
if the password is valid, false if it is invalid.- See Also:
AuthSubject.getDigest()
-
calculatePasswordResetDigest
public String calculatePasswordResetDigest()
Description copied from interface:PasswordHandler
Calculates, sets and returns a salted digest which can be used for the "Forgot password?" function.- Specified by:
calculatePasswordResetDigest
in interfacePasswordHandler
- Returns:
- A digest.
- See Also:
AuthSubject.setSalt(String)
,PasswordHandler.isValidPasswordResetDigest(String)
-
isValidPasswordResetDigest
public boolean isValidPasswordResetDigest(String digest)
Description copied from interface:PasswordHandler
Checks whether the digest is valid for the currentAuthSubject
.- Specified by:
isValidPasswordResetDigest
in interfacePasswordHandler
- Parameters:
digest
- The digest.- Returns:
true
if the digest is valid, false if it is invalid.- See Also:
AuthSubject.getSalt()
,PasswordHandler.calculatePasswordResetDigest()
-
migrate
public void migrate(CoreService service, String password)
Description copied from interface:PasswordHandler
Migrates passwords of the currentPasswordHandler
instance to passwords handled byCoreService.getDefaultPasswordHandler(org.appng.api.model.AuthSubject)
.- Specified by:
migrate
in interfacePasswordHandler
- Parameters:
service
- Instance ofCoreService
password
- The current password.
-
getPrefix
public static String getPrefix()
Returns the identifier of the bcrypt algorithm.- Returns:
- The version identifier / prefix common to all bcrypt hashes.
- See Also:
- A Future-Adaptable Password Scheme / Implementation
-
-