Class PBKDF2WithHmacSHA1SaltedPasswordEncoder
java.lang.Object
de.hybris.platform.persistence.security.PBKDF2WithHmacSHA1SaltedPasswordEncoder
- All Implemented Interfaces:
PasswordEncoder,Serializable,org.springframework.beans.factory.InitializingBean
public class PBKDF2WithHmacSHA1SaltedPasswordEncoder
extends Object
implements PasswordEncoder, org.springframework.beans.factory.InitializingBean
Password encoder using the PBKDF2WithHmacSHA1 algorithm.
Note that this encoder is generating a random salt (does not use the user id)! In order to be able to check the salt is stored as part of the encoded hash string.
The encoded format is this: <iterations as int> ':' <salt as hex> ':' <hash as hex>.
It can be made stronger by adjusting the number of iterations (see setIterations(int)) as well as the key
length (see setKeyLength(int)).
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionprotected static class -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidprotected byte[]calculateHash(String password, byte[] salt, int iterations, int keyLength) booleanChecks if theencodedpassword (from the user, from the database) and theplainpassword (from the login screen) matches.Decode the givenencodedpassword.Returns the encoded password string based on the implementation of this interface and by the givenplainpassword.voidsetIterations(int iterations) voidsetKeyAlgorithm(String keyAlgorithm) voidsetKeyLength(int keyLength) voidsetSaltAlgorithm(String saltAlgorithm) voidsetSaltLength(int saltLength)
-
Constructor Details
-
PBKDF2WithHmacSHA1SaltedPasswordEncoder
public PBKDF2WithHmacSHA1SaltedPasswordEncoder()
-
-
Method Details
-
afterPropertiesSet
- Specified by:
afterPropertiesSetin interfaceorg.springframework.beans.factory.InitializingBean- Throws:
NoSuchAlgorithmException
-
encode
Description copied from interface:PasswordEncoderReturns the encoded password string based on the implementation of this interface and by the givenplainpassword. The uid can be used as additional salt (see SaltedMD5PasswordEncoder).- Specified by:
encodein interfacePasswordEncoder- Parameters:
uid- mostly userID, mostly not usedpassword- the plain password- Returns:
- the encoded password
- See Also:
-
check
Description copied from interface:PasswordEncoderChecks if theencodedpassword (from the user, from the database) and theplainpassword (from the login screen) matches.- Specified by:
checkin interfacePasswordEncoder- Parameters:
uid- mostly the user ID and mostly not used. For MD5 used as salt.encoded- the encoded passwordplain- the plain text password- Returns:
trueif they match,falseotherwise.- See Also:
-
decode
Description copied from interface:PasswordEncoderDecode the givenencodedpassword. Throws exception if this is not possible.- Specified by:
decodein interfacePasswordEncoder- Parameters:
encoded- the encoded password- Returns:
- the decoded password
- Throws:
EJBCannotDecodePasswordException- if the password cannot be decoded. (MD5 passwords cannot be decoded)- See Also:
-
calculateHash
-
setIterations
public void setIterations(int iterations) -
setKeyLength
public void setKeyLength(int keyLength) -
setKeyAlgorithm
-
setSaltAlgorithm
-
setSaltLength
public void setSaltLength(int saltLength)
-