Class SaltedMD5PasswordEncoder
- java.lang.Object
-
- de.hybris.platform.persistence.security.MD5PasswordEncoder
-
- de.hybris.platform.persistence.security.SaltedMD5PasswordEncoder
-
- All Implemented Interfaces:
PasswordEncoder,java.io.Serializable
- Direct Known Subclasses:
PKbasedSaltedMD5PasswordEncoder
@Deprecated public class SaltedMD5PasswordEncoder extends MD5PasswordEncoder
Deprecated.since ages - deprecated due toGenericSaltedPasswordEncoderintroduction and because MD5 is not considered to be safe anymore. It delegates salt-related logic handling toSaltEncodingPolicybeanThe submitted 'password' will be salted in the following way:+ + , so the usage of "rainbowtables" for cracking the stored passwords is useless! The value for SYSTEM_SPECIFC_SALT will be generated by getSystemSpecificSalt()
The Value for USER_SPECIFIC_SALT will be generated bygenerateUserSpecificSalt(String)
By implementing these methods in your own way,you are able to adapt the encoding/password check process to your needs.- See Also:
- Serialized Form
-
-
Constructor Summary
Constructors Constructor Description SaltedMD5PasswordEncoder()Deprecated.
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description booleancheck(java.lang.String encoded, java.lang.String password)Deprecated.booleancheck(java.lang.String uid, java.lang.String encoded, java.lang.String password)Deprecated.Calculates the hash of 'plain' and compare it with the value of 'encoded'.java.lang.Stringdecode(java.lang.String encoded)Deprecated.Decode the givenencodedpassword.java.lang.Stringencode(java.lang.String password)Deprecated.Unsupported method call! You have to useencode(String, String).java.lang.Stringencode(java.lang.String uid, java.lang.String password)Deprecated.This implementation will build a string with the following pattern
:: ::
The value for SYSTEM_SPECIFC_SALT will be generated bygetSystemSpecificSalt()
The Value for USER_SPECIFIC_SALT will be generated bygenerateUserSpecificSalt(String)
...protected java.lang.StringgenerateUserSpecificSalt(java.lang.String uid)Deprecated.This implementation will still return the assigned user id.java.lang.StringgetSalt()Deprecated.Returns the configured SALT (see core-spring-xml).protected java.lang.StringgetSystemSpecificSalt()Deprecated.This implementation will still return the value of the corresponding spring property or advanced.properties parameter 'password.md5.salt'.voidsetSalt(java.lang.String salt)Deprecated.voidsetSaltEncodingPolicy(SaltEncodingPolicy saltEncodingPolicy)Deprecated.-
Methods inherited from class de.hybris.platform.persistence.security.MD5PasswordEncoder
calculateMD5
-
-
-
-
Method Detail
-
encode
public java.lang.String encode(java.lang.String password)
Deprecated.Unsupported method call! You have to useencode(String, String).- Throws:
JaloSystemException- Unsupported method call! You have to useencode(String, String)
-
encode
public java.lang.String encode(java.lang.String uid, java.lang.String password)Deprecated.This implementation will build a string with the following pattern
:: ::
The value for SYSTEM_SPECIFC_SALT will be generated bygetSystemSpecificSalt()
The Value for USER_SPECIFIC_SALT will be generated bygenerateUserSpecificSalt(String)
... and will return the MD5 hash of this constructed string.- Specified by:
encodein interfacePasswordEncoder- Overrides:
encodein classMD5PasswordEncoder- Parameters:
uid- the user idpassword- the user password- Returns:
- the MD5 value of the constructed string expression
- See Also:
SaltedMD5PasswordEncoder,PlainTextPasswordEncoder
-
check
public boolean check(java.lang.String encoded, java.lang.String password)Deprecated.
-
check
public boolean check(java.lang.String uid, java.lang.String encoded, java.lang.String password)Deprecated.Calculates the hash of 'plain' and compare it with the value of 'encoded'.- Specified by:
checkin interfacePasswordEncoder- Overrides:
checkin classMD5PasswordEncoder- Parameters:
uid- will be use for 'salt' generation (values will be salted in the following way: [SYSTEM_SPECIFIC_SALT] + [PASSWORD] + [USER_SPECIFC_SALT])
See also:{link #getSystemSpecificSalt()} andgenerateUserSpecificSalt(String).encoded- could be 'null'password- could be 'null'- Returns:
- true if hash of 'plain' is equals to 'encoded'
- See Also:
MD5PasswordEncoder.check(java.lang.String, java.lang.String, java.lang.String)
-
decode
public final java.lang.String decode(java.lang.String encoded) throws EJBCannotDecodePasswordExceptionDeprecated.Description copied from interface:PasswordEncoderDecode the givenencodedpassword. Throws exception if this is not possible.- Specified by:
decodein interfacePasswordEncoder- Overrides:
decodein classMD5PasswordEncoder- Parameters:
encoded- the encoded password- Returns:
- the decoded password
- Throws:
EJBCannotDecodePasswordException- if the password cannot be decoded. (MD5 passwords cannot be decoded)- See Also:
MD5PasswordEncoder
-
generateUserSpecificSalt
protected java.lang.String generateUserSpecificSalt(java.lang.String uid)
Deprecated.This implementation will still return the assigned user id.- Parameters:
uid- the suer id- Returns:
- uid the user id as assigned
-
getSystemSpecificSalt
protected java.lang.String getSystemSpecificSalt()
Deprecated.This implementation will still return the value of the corresponding spring property or advanced.properties parameter 'password.md5.salt'.- Returns:
- systemSpecificSalt the value of the corresponding spring property or advanced.properties parameter 'password.md5.salt'
-
getSalt
public java.lang.String getSalt()
Deprecated.Returns the configured SALT (see core-spring-xml).- Returns:
- the configured SALT
-
setSalt
public void setSalt(java.lang.String salt)
Deprecated.
-
setSaltEncodingPolicy
public void setSaltEncodingPolicy(SaltEncodingPolicy saltEncodingPolicy)
Deprecated.
-
-