• Home
• org.acegisecurity
• acegi-security
• 1.0.0-RC2
• source code
• PlaintextPasswordEncoder.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.acegisecurity.providers.encoding.PlaintextPasswordEncoder Maven / Gradle / Ivy

/* Copyright 2004 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.acegisecurity.providers.encoding;

/**
 * 

 * Plaintext implementation of PasswordEncoder.
 * 
 * 
 * 

 * As callers may wish to extract the password and salts separately from the
 * encoded password, the salt must not contain reserved characters
 * (specifically '{' and '}').
 * 
 *
 * @author colin sampaleanu
 * @author Ben Alex
 * @version $Id: PlaintextPasswordEncoder.java,v 1.4 2005/11/17 00:55:49 benalex Exp $
 */
public class PlaintextPasswordEncoder extends BasePasswordEncoder {
    //~ Instance fields ========================================================

    private boolean ignorePasswordCase = false;

    //~ Methods ================================================================

    /**
     * Indicates whether the password comparison is case sensitive.
     * 
     * 

     * Defaults to false, meaning an exact case match is required.
     * 
     *
     * @param ignorePasswordCase set to true for less stringent
     *        comparison
     */
    public void setIgnorePasswordCase(boolean ignorePasswordCase) {
        this.ignorePasswordCase = ignorePasswordCase;
    }

    public boolean isIgnorePasswordCase() {
        return ignorePasswordCase;
    }

    public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
        String pass1 = encPass + "";

        // Strict delimiters is false because pass2 never persisted anywhere
        // and we want to avoid unnecessary exceptions as a result (the
        // authentication will fail as the encodePassword never allows them)
        String pass2 = mergePasswordAndSalt(rawPass, salt, false);

        if (!ignorePasswordCase) {
            return pass1.equals(pass2);
        } else {
            return pass1.equalsIgnoreCase(pass2);
        }
    }

    public String encodePassword(String rawPass, Object salt) {
        return mergePasswordAndSalt(rawPass, salt, true);
    }

    /**
     * Demerges the previously {@link #encodePassword(String,
     * Object)}String.
     * 
     * 

     * The resulting array is guaranteed to always contain two elements. The
     * first is the password, and the second is the salt.
     * 
     * 
     * 

     * Throws an exception if null or an empty String
     * is passed to the method.
     * 
     *
     * @param password from {@link #encodePassword(String, Object)}
     *
     * @return an array containing the password and salt
     */
    public String[] obtainPasswordAndSalt(String password) {
        return demergePasswordAndSalt(password);
    }
}