Package de.hybris.platform.persistence.security

Class SaltedMD5PasswordEncoder

java.lang.Object

de.hybris.platform.persistence.security.MD5PasswordEncoder

de.hybris.platform.persistence.security.SaltedMD5PasswordEncoder

All Implemented Interfaces:

PasswordEncoder, java.io.Serializable

Direct Known Subclasses:

PKbasedSaltedMD5PasswordEncoder

@Deprecated(since="ages",
            forRemoval=true)
public class SaltedMD5PasswordEncoder
extends MD5PasswordEncoder

Deprecated, for removal: This API element is subject to removal in a future version.

since ages - deprecated due toGenericSaltedPasswordEncoder introduction and because MD5 is not considered to be safe anymore. It delegates salt-related logic handling to SaltEncodingPolicy bean

The submitted 'password' will be salted in the following way: + + ,

so the usage of "rainbowtables" for cracking the stored passwords is useless!

The value for SYSTEM_SPECIFC_SALT will be generated by getSystemSpecificSalt()
The Value for USER_SPECIFIC_SALT will be generated by generateUserSpecificSalt(String)
By implementing these methods in your own way,you are able to adapt the encoding/password check process to your needs.

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor	Description
SaltedMD5PasswordEncoder()	Deprecated, for removal: This API element is subject to removal in a future version.

Method Summary

Modifier and Type	Method	Description
boolean	check(java.lang.String encoded, java.lang.String password)	Deprecated, for removal: This API element is subject to removal in a future version.
boolean	check(java.lang.String uid, java.lang.String encoded, java.lang.String password)	Deprecated, for removal: This API element is subject to removal in a future version. Calculates the hash of 'plain' and compare it with the value of 'encoded'.
java.lang.String	decode(java.lang.String encoded)	Deprecated, for removal: This API element is subject to removal in a future version. Decode the given encoded password.
java.lang.String	encode(java.lang.String password)	Deprecated, for removal: This API element is subject to removal in a future version. Unsupported method call! You have to use encode(String, String).
java.lang.String	encode(java.lang.String uid, java.lang.String password)	Deprecated, for removal: This API element is subject to removal in a future version. This implementation will build a string with the following pattern :::: The value for SYSTEM_SPECIFC_SALT will be generated by getSystemSpecificSalt() The Value for USER_SPECIFIC_SALT will be generated by generateUserSpecificSalt(String) ...
protected java.lang.String	generateUserSpecificSalt(java.lang.String uid)	Deprecated, for removal: This API element is subject to removal in a future version. This implementation will still return the assigned user id.
java.lang.String	getSalt()	Deprecated, for removal: This API element is subject to removal in a future version. Returns the configured SALT (see core-spring-xml).
protected java.lang.String	getSystemSpecificSalt()	Deprecated, for removal: This API element is subject to removal in a future version. This implementation will still return the value of the corresponding spring property or advanced.properties parameter 'password.md5.salt'.
void	setSalt(java.lang.String salt)	Deprecated, for removal: This API element is subject to removal in a future version.
void	setSaltEncodingPolicy(SaltEncodingPolicy saltEncodingPolicy)	Deprecated, for removal: This API element is subject to removal in a future version.

Methods inherited from class de.hybris.platform.persistence.security.MD5PasswordEncoder

calculateMD5

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SaltedMD5PasswordEncoder

public SaltedMD5PasswordEncoder()

Deprecated, for removal: This API element is subject to removal in a future version.

Method Detail

encode

public java.lang.String encode(java.lang.String password)

Deprecated, for removal: This API element is subject to removal in a future version.

Unsupported method call! You have to use encode(String, String).

Throws:

JaloSystemException - Unsupported method call! You have to use encode(String, String)

encode

public java.lang.String encode(java.lang.String uid,
                               java.lang.String password)

Deprecated, for removal: This API element is subject to removal in a future version.

This implementation will build a string with the following pattern
::::
The value for SYSTEM_SPECIFC_SALT will be generated by getSystemSpecificSalt()
The Value for USER_SPECIFIC_SALT will be generated by generateUserSpecificSalt(String)
... and will return the MD5 hash of this constructed string.

Specified by:

encode in interface PasswordEncoder

Overrides:

encode in class MD5PasswordEncoder

Parameters:

uid - the user id

password - the user password

Returns:

the MD5 value of the constructed string expression

See Also:

SaltedMD5PasswordEncoder, PlainTextPasswordEncoder

check

public boolean check(java.lang.String encoded,
                     java.lang.String password)

Deprecated, for removal: This API element is subject to removal in a future version.

check

public boolean check(java.lang.String uid,
                     java.lang.String encoded,
                     java.lang.String password)

Deprecated, for removal: This API element is subject to removal in a future version.

Calculates the hash of 'plain' and compare it with the value of 'encoded'.

Specified by:

check in interface PasswordEncoder

Overrides:

check in class MD5PasswordEncoder

Parameters:

uid - will be use for 'salt' generation (values will be salted in the following way: [SYSTEM_SPECIFIC_SALT] + [PASSWORD] + [USER_SPECIFC_SALT])
See also:{link #getSystemSpecificSalt()} and generateUserSpecificSalt(String).

encoded - could be 'null'

password - could be 'null'

Returns:

true if hash of 'plain' is equals to 'encoded'

See Also:

MD5PasswordEncoder.check(java.lang.String, java.lang.String, java.lang.String)

decode

public final java.lang.String decode(java.lang.String encoded)
                              throws EJBCannotDecodePasswordException

Deprecated, for removal: This API element is subject to removal in a future version.

Description copied from interface: PasswordEncoder

Decode the given encoded password. Throws exception if this is not possible.

Specified by:

decode in interface PasswordEncoder

Overrides:

decode in class MD5PasswordEncoder

Parameters:

encoded - the encoded password

Returns:

the decoded password

Throws:

EJBCannotDecodePasswordException - if the password cannot be decoded. (MD5 passwords cannot be decoded)

See Also:

MD5PasswordEncoder

generateUserSpecificSalt

protected java.lang.String generateUserSpecificSalt(java.lang.String uid)

Deprecated, for removal: This API element is subject to removal in a future version.

This implementation will still return the assigned user id.

Parameters:

uid - the suer id

Returns:

uid the user id as assigned

getSystemSpecificSalt

protected java.lang.String getSystemSpecificSalt()

Deprecated, for removal: This API element is subject to removal in a future version.

This implementation will still return the value of the corresponding spring property or advanced.properties parameter 'password.md5.salt'.

Returns:

systemSpecificSalt the value of the corresponding spring property or advanced.properties parameter 'password.md5.salt'

getSalt

public java.lang.String getSalt()

Deprecated, for removal: This API element is subject to removal in a future version.

Returns the configured SALT (see core-spring-xml).

Returns:

the configured SALT

setSalt

public void setSalt(java.lang.String salt)

Deprecated, for removal: This API element is subject to removal in a future version.

setSaltEncodingPolicy

public void setSaltEncodingPolicy(SaltEncodingPolicy saltEncodingPolicy)

Deprecated, for removal: This API element is subject to removal in a future version.