| Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||||||
| PlaintextPasswordEncoder |
|
| 1.4;1.4 |
| 1 | /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited |
|
| 2 | * |
|
| 3 | * Licensed under the Apache License, Version 2.0 (the "License"); |
|
| 4 | * you may not use this file except in compliance with the License. |
|
| 5 | * You may obtain a copy of the License at |
|
| 6 | * |
|
| 7 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
| 8 | * |
|
| 9 | * Unless required by applicable law or agreed to in writing, software |
|
| 10 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
| 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
| 12 | * See the License for the specific language governing permissions and |
|
| 13 | * limitations under the License. |
|
| 14 | */ |
|
| 15 | ||
| 16 | package org.acegisecurity.providers.encoding; |
|
| 17 | ||
| 18 | /** |
|
| 19 | * <p>Plaintext implementation of PasswordEncoder.</p> |
|
| 20 | * <P>As callers may wish to extract the password and salts separately from the encoded password, the salt must |
|
| 21 | * not contain reserved characters (specifically '{' and '}').</p> |
|
| 22 | * |
|
| 23 | * @author colin sampaleanu |
|
| 24 | * @author Ben Alex |
|
| 25 | * @version $Id: PlaintextPasswordEncoder.java 1496 2006-05-23 13:38:33Z benalex $ |
|
| 26 | */ |
|
| 27 | 40 | public class PlaintextPasswordEncoder extends BasePasswordEncoder { |
| 28 | //~ Instance fields ================================================================================================ |
|
| 29 | ||
| 30 | 40 | private boolean ignorePasswordCase = false; |
| 31 | ||
| 32 | //~ Methods ======================================================================================================== |
|
| 33 | ||
| 34 | public String encodePassword(String rawPass, Object salt) { |
|
| 35 | 4 | return mergePasswordAndSalt(rawPass, salt, true); |
| 36 | } |
|
| 37 | ||
| 38 | public boolean isIgnorePasswordCase() { |
|
| 39 | 1 | return ignorePasswordCase; |
| 40 | } |
|
| 41 | ||
| 42 | public boolean isPasswordValid(String encPass, String rawPass, Object salt) { |
|
| 43 | 25 | String pass1 = encPass + ""; |
| 44 | ||
| 45 | // Strict delimiters is false because pass2 never persisted anywhere |
|
| 46 | // and we want to avoid unnecessary exceptions as a result (the |
|
| 47 | // authentication will fail as the encodePassword never allows them) |
|
| 48 | 25 | String pass2 = mergePasswordAndSalt(rawPass, salt, false); |
| 49 | ||
| 50 | 25 | if (!ignorePasswordCase) { |
| 51 | 23 | return pass1.equals(pass2); |
| 52 | } else { |
|
| 53 | 2 | return pass1.equalsIgnoreCase(pass2); |
| 54 | } |
|
| 55 | } |
|
| 56 | ||
| 57 | /** |
|
| 58 | * Demerges the previously {@link #encodePassword(String, Object)}<code>String</code>.<P>The resulting |
|
| 59 | * array is guaranteed to always contain two elements. The first is the password, and the second is the salt.</p> |
|
| 60 | * <P>Throws an exception if <code>null</code> or an empty <code>String</code> is passed to the method.</p> |
|
| 61 | * |
|
| 62 | * @param password from {@link #encodePassword(String, Object)} |
|
| 63 | * |
|
| 64 | * @return an array containing the password and salt |
|
| 65 | */ |
|
| 66 | public String[] obtainPasswordAndSalt(String password) { |
|
| 67 | 1 | return demergePasswordAndSalt(password); |
| 68 | } |
|
| 69 | ||
| 70 | /** |
|
| 71 | * Indicates whether the password comparison is case sensitive.<P>Defaults to <code>false</code>, meaning |
|
| 72 | * an exact case match is required.</p> |
|
| 73 | * |
|
| 74 | * @param ignorePasswordCase set to <code>true</code> for less stringent comparison |
|
| 75 | */ |
|
| 76 | public void setIgnorePasswordCase(boolean ignorePasswordCase) { |
|
| 77 | 1 | this.ignorePasswordCase = ignorePasswordCase; |
| 78 | 1 | } |
| 79 | } |