Class SaltedMD5PasswordEncoder
java.lang.Object
de.hybris.platform.persistence.security.MD5PasswordEncoder
de.hybris.platform.persistence.security.SaltedMD5PasswordEncoder
- All Implemented Interfaces:
PasswordEncoder,Serializable
- Direct Known Subclasses:
PKbasedSaltedMD5PasswordEncoder
@Deprecated(since="ages",
forRemoval=true)
public class SaltedMD5PasswordEncoder
extends MD5PasswordEncoder
Deprecated, for removal: This API element is subject to removal in a future version.
The submitted 'password' will be salted in the following way: + +
,
so the usage of "rainbowtables" for cracking the stored passwords is useless!
The value for SYSTEM_SPECIFC_SALT will be generated by
The Value for USER_SPECIFIC_SALT will be generated by
By implementing these methods in your own way,you are able to adapt the encoding/password check process to your needs.
getSystemSpecificSalt()The Value for USER_SPECIFIC_SALT will be generated by
generateUserSpecificSalt(String)By implementing these methods in your own way,you are able to adapt the encoding/password check process to your needs.
- See Also:
-
Constructor Summary
ConstructorsConstructorDescriptionDeprecated, for removal: This API element is subject to removal in a future version. -
Method Summary
Modifier and TypeMethodDescriptionbooleanDeprecated, for removal: This API element is subject to removal in a future version.booleanDeprecated, for removal: This API element is subject to removal in a future version.Calculates the hash of 'plain' and compare it with the value of 'encoded'.final StringDeprecated, for removal: This API element is subject to removal in a future version.Decode the givenencodedpassword.Deprecated, for removal: This API element is subject to removal in a future version.Unsupported method call! You have to useencode(String, String).Deprecated, for removal: This API element is subject to removal in a future version.This implementation will build a string with the following pattern
:: ::
The value for SYSTEM_SPECIFC_SALT will be generated bygetSystemSpecificSalt()
The Value for USER_SPECIFIC_SALT will be generated bygenerateUserSpecificSalt(String)
...protected StringDeprecated, for removal: This API element is subject to removal in a future version.This implementation will still return the assigned user id.getSalt()Deprecated, for removal: This API element is subject to removal in a future version.Returns the configured SALT (see core-spring-xml).protected StringDeprecated, for removal: This API element is subject to removal in a future version.This implementation will still return the value of the corresponding spring property or advanced.properties parameter 'password.md5.salt'.voidDeprecated, for removal: This API element is subject to removal in a future version.voidsetSaltEncodingPolicy(SaltEncodingPolicy saltEncodingPolicy) Deprecated, for removal: This API element is subject to removal in a future version.Methods inherited from class de.hybris.platform.persistence.security.MD5PasswordEncoder
calculateMD5
-
Constructor Details
-
SaltedMD5PasswordEncoder
public SaltedMD5PasswordEncoder()Deprecated, for removal: This API element is subject to removal in a future version.
-
-
Method Details
-
encode
Deprecated, for removal: This API element is subject to removal in a future version.Unsupported method call! You have to useencode(String, String).- Throws:
JaloSystemException- Unsupported method call! You have to useencode(String, String)
-
encode
Deprecated, for removal: This API element is subject to removal in a future version.This implementation will build a string with the following pattern
:: ::
The value for SYSTEM_SPECIFC_SALT will be generated bygetSystemSpecificSalt()
The Value for USER_SPECIFIC_SALT will be generated bygenerateUserSpecificSalt(String)
... and will return the MD5 hash of this constructed string.- Specified by:
encodein interfacePasswordEncoder- Overrides:
encodein classMD5PasswordEncoder- Parameters:
uid- the user idpassword- the user password- Returns:
- the MD5 value of the constructed string expression
- See Also:
-
check
Deprecated, for removal: This API element is subject to removal in a future version. -
check
Deprecated, for removal: This API element is subject to removal in a future version.Calculates the hash of 'plain' and compare it with the value of 'encoded'.- Specified by:
checkin interfacePasswordEncoder- Overrides:
checkin classMD5PasswordEncoder- Parameters:
uid- will be use for 'salt' generation (values will be salted in the following way: [SYSTEM_SPECIFIC_SALT] + [PASSWORD] + [USER_SPECIFC_SALT])
See also:{link #getSystemSpecificSalt()} andgenerateUserSpecificSalt(String).encoded- could be 'null'password- could be 'null'- Returns:
- true if hash of 'plain' is equals to 'encoded'
- See Also:
-
decode
Deprecated, for removal: This API element is subject to removal in a future version.Description copied from interface:PasswordEncoderDecode the givenencodedpassword. Throws exception if this is not possible.- Specified by:
decodein interfacePasswordEncoder- Overrides:
decodein classMD5PasswordEncoder- Parameters:
encoded- the encoded password- Returns:
- the decoded password
- Throws:
EJBCannotDecodePasswordException- if the password cannot be decoded. (MD5 passwords cannot be decoded)- See Also:
-
generateUserSpecificSalt
Deprecated, for removal: This API element is subject to removal in a future version.This implementation will still return the assigned user id.- Parameters:
uid- the suer id- Returns:
- uid the user id as assigned
-
getSystemSpecificSalt
Deprecated, for removal: This API element is subject to removal in a future version.This implementation will still return the value of the corresponding spring property or advanced.properties parameter 'password.md5.salt'.- Returns:
- systemSpecificSalt the value of the corresponding spring property or advanced.properties parameter 'password.md5.salt'
-
getSalt
Deprecated, for removal: This API element is subject to removal in a future version.Returns the configured SALT (see core-spring-xml).- Returns:
- the configured SALT
-
setSalt
Deprecated, for removal: This API element is subject to removal in a future version. -
setSaltEncodingPolicy
Deprecated, for removal: This API element is subject to removal in a future version.
-
GenericSaltedPasswordEncoderintroduction and because MD5 is not considered to be safe anymore. It delegates salt-related logic handling toSaltEncodingPolicybean