Class PBKDF2WithHmacSHA1SaltedPasswordEncoder

java.lang.Object
de.hybris.platform.persistence.security.PBKDF2WithHmacSHA1SaltedPasswordEncoder
All Implemented Interfaces:
PasswordEncoder, Serializable, org.springframework.beans.factory.InitializingBean

public class PBKDF2WithHmacSHA1SaltedPasswordEncoder extends Object implements PasswordEncoder, org.springframework.beans.factory.InitializingBean
Password encoder using the PBKDF2WithHmacSHA1 algorithm.

Note that this encoder generates a random salt for each password (it does not use the user id). So that a password can still be checked later, the salt is stored as part of the encoded hash string.

The encoded format is: <iterations as int> ':' <salt as hex> ':' <hash as hex>.

It can be made stronger by adjusting the number of iterations (see setIterations(int)) as well as the key length (see setKeyLength(int)).

  • Constructor Details

    • PBKDF2WithHmacSHA1SaltedPasswordEncoder

      public PBKDF2WithHmacSHA1SaltedPasswordEncoder()
  • Method Details

    • afterPropertiesSet

      public void afterPropertiesSet() throws NoSuchAlgorithmException
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
      Throws:
      NoSuchAlgorithmException
    • encode

      public String encode(String uid, String password)
      Description copied from interface: PasswordEncoder
      Returns the encoded form of the given plain password, as produced by the implementing class. The uid may be used as an additional salt (see SaltedMD5PasswordEncoder).
      Specified by:
      encode in interface PasswordEncoder
      Parameters:
      uid - usually the user ID; usually not used
      password - the plain password
      Returns:
      the encoded password
    • check

      public boolean check(String uid, String encoded, String plain)
      Description copied from interface: PasswordEncoder
      Checks whether the encoded password (from the user record in the database) and the plain password (from the login screen) match.
      Specified by:
      check in interface PasswordEncoder
      Parameters:
      uid - usually the user ID and usually not used; the MD5 encoder uses it as salt.
      encoded - the encoded password
      plain - the plain text password
      Returns:
      true if they match, false otherwise.
    • decode

      public String decode(String encoded) throws EJBCannotDecodePasswordException
      Description copied from interface: PasswordEncoder
      Decodes the given encoded password. Throws an exception if this is not possible.
      Specified by:
      decode in interface PasswordEncoder
      Parameters:
      encoded - the encoded password
      Returns:
      the decoded password
      Throws:
      EJBCannotDecodePasswordException - if the password cannot be decoded (for example, MD5 passwords cannot be decoded)
    • calculateHash

      protected byte[] calculateHash(String password, byte[] salt, int iterations, int keyLength)
    • setIterations

      public void setIterations(int iterations)
    • setKeyLength

      public void setKeyLength(int keyLength)
    • setKeyAlgorithm

      public void setKeyAlgorithm(String keyAlgorithm)
    • setSaltAlgorithm

      public void setSaltAlgorithm(String saltAlgorithm)
    • setSaltLength

      public void setSaltLength(int saltLength)