Class SaltedMD5PasswordEncoder

java.lang.Object
de.hybris.platform.persistence.security.MD5PasswordEncoder
de.hybris.platform.persistence.security.SaltedMD5PasswordEncoder
All Implemented Interfaces:
PasswordEncoder, Serializable
Direct Known Subclasses:
PKbasedSaltedMD5PasswordEncoder

@Deprecated(since="ages", forRemoval=true) public class SaltedMD5PasswordEncoder extends MD5PasswordEncoder
Deprecated, for removal: This API element is subject to removal in a future version.
since ages - deprecated due toGenericSaltedPasswordEncoder introduction and because MD5 is not considered to be safe anymore. It delegates salt-related logic handling to SaltEncodingPolicy bean
The submitted 'password' will be salted in the following way: + + ,

so the usage of "rainbowtables" for cracking the stored passwords is useless!

The value for SYSTEM_SPECIFC_SALT will be generated by getSystemSpecificSalt()
The Value for USER_SPECIFIC_SALT will be generated by generateUserSpecificSalt(String)
By implementing these methods in your own way,you are able to adapt the encoding/password check process to your needs.

See Also:
  • Constructor Summary

    Constructors
    Constructor
    Description
    Deprecated, for removal: This API element is subject to removal in a future version.
     
  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    check(String encoded, String password)
    Deprecated, for removal: This API element is subject to removal in a future version.
     
    boolean
    check(String uid, String encoded, String password)
    Deprecated, for removal: This API element is subject to removal in a future version.
    Calculates the hash of 'plain' and compare it with the value of 'encoded'.
    final String
    decode(String encoded)
    Deprecated, for removal: This API element is subject to removal in a future version.
    Decode the given encoded password.
    encode(String password)
    Deprecated, for removal: This API element is subject to removal in a future version.
    Unsupported method call! You have to use encode(String, String).
    encode(String uid, String password)
    Deprecated, for removal: This API element is subject to removal in a future version.
    This implementation will build a string with the following pattern
    ::::
    The value for SYSTEM_SPECIFC_SALT will be generated by getSystemSpecificSalt()
    The Value for USER_SPECIFIC_SALT will be generated by generateUserSpecificSalt(String)
    ...
    protected String
    Deprecated, for removal: This API element is subject to removal in a future version.
    This implementation will still return the assigned user id.
    Deprecated, for removal: This API element is subject to removal in a future version.
    Returns the configured SALT (see core-spring-xml).
    protected String
    Deprecated, for removal: This API element is subject to removal in a future version.
    This implementation will still return the value of the corresponding spring property or advanced.properties parameter 'password.md5.salt'.
    void
    Deprecated, for removal: This API element is subject to removal in a future version.
     
    void
    Deprecated, for removal: This API element is subject to removal in a future version.
     

    Methods inherited from class de.hybris.platform.persistence.security.MD5PasswordEncoder

    calculateMD5

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • SaltedMD5PasswordEncoder

      public SaltedMD5PasswordEncoder()
      Deprecated, for removal: This API element is subject to removal in a future version.
  • Method Details

    • encode

      public String encode(String password)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Unsupported method call! You have to use encode(String, String).
      Throws:
      JaloSystemException - Unsupported method call! You have to use encode(String, String)
    • encode

      public String encode(String uid, String password)
      Deprecated, for removal: This API element is subject to removal in a future version.
      This implementation will build a string with the following pattern
      ::::
      The value for SYSTEM_SPECIFC_SALT will be generated by getSystemSpecificSalt()
      The Value for USER_SPECIFIC_SALT will be generated by generateUserSpecificSalt(String)
      ... and will return the MD5 hash of this constructed string.
      Specified by:
      encode in interface PasswordEncoder
      Overrides:
      encode in class MD5PasswordEncoder
      Parameters:
      uid - the user id
      password - the user password
      Returns:
      the MD5 value of the constructed string expression
      See Also:
    • check

      public boolean check(String encoded, String password)
      Deprecated, for removal: This API element is subject to removal in a future version.
    • check

      public boolean check(String uid, String encoded, String password)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Calculates the hash of 'plain' and compare it with the value of 'encoded'.
      Specified by:
      check in interface PasswordEncoder
      Overrides:
      check in class MD5PasswordEncoder
      Parameters:
      uid - will be use for 'salt' generation (values will be salted in the following way: [SYSTEM_SPECIFIC_SALT] + [PASSWORD] + [USER_SPECIFC_SALT])
      See also:{link #getSystemSpecificSalt()} and generateUserSpecificSalt(String).
      encoded - could be 'null'
      password - could be 'null'
      Returns:
      true if hash of 'plain' is equals to 'encoded'
      See Also:
    • decode

      public final String decode(String encoded) throws EJBCannotDecodePasswordException
      Deprecated, for removal: This API element is subject to removal in a future version.
      Description copied from interface: PasswordEncoder
      Decode the given encoded password. Throws exception if this is not possible.
      Specified by:
      decode in interface PasswordEncoder
      Overrides:
      decode in class MD5PasswordEncoder
      Parameters:
      encoded - the encoded password
      Returns:
      the decoded password
      Throws:
      EJBCannotDecodePasswordException - if the password cannot be decoded. (MD5 passwords cannot be decoded)
      See Also:
    • generateUserSpecificSalt

      protected String generateUserSpecificSalt(String uid)
      Deprecated, for removal: This API element is subject to removal in a future version.
      This implementation will still return the assigned user id.
      Parameters:
      uid - the suer id
      Returns:
      uid the user id as assigned
    • getSystemSpecificSalt

      protected String getSystemSpecificSalt()
      Deprecated, for removal: This API element is subject to removal in a future version.
      This implementation will still return the value of the corresponding spring property or advanced.properties parameter 'password.md5.salt'.
      Returns:
      systemSpecificSalt the value of the corresponding spring property or advanced.properties parameter 'password.md5.salt'
    • getSalt

      public String getSalt()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Returns the configured SALT (see core-spring-xml).
       
              
       
      
       
      Returns:
      the configured SALT
    • setSalt

      public void setSalt(String salt)
      Deprecated, for removal: This API element is subject to removal in a future version.
    • setSaltEncodingPolicy

      public void setSaltEncodingPolicy(SaltEncodingPolicy saltEncodingPolicy)
      Deprecated, for removal: This API element is subject to removal in a future version.