Coverage Report

Coverage Report - org.apache.shiro.authc.credential.HashingPasswordService

Classes in this File

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.shiro.authc.credential;
 
 import org.apache.shiro.crypto.hash.Hash;
 import org.apache.shiro.util.ByteSource;
 
 /**
  * A {@code HashingPasswordService} is a {@link PasswordService} that performs password encryption and comparisons
  * based on cryptographic {@link Hash}es.
  *
  * @since 1.2
  */
 public interface HashingPasswordService extends PasswordService {
 
     /**
      * Hashes the specified plaintext password using internal hashing configuration settings pertinent to password
      * hashing.
      * <p/>
      * Note
      * that this method is only likely to be used in more complex environments that wish to format and/or save the
      * returned {@code Hash} object in a custom manner.  Most applications will find the
      * {@link #encryptPassword(Object) encryptPassword} method suitable enough for safety
      * and ease-of-use.
      * <h3>Usage</h3>
      * The input argument type can be any 'byte backed' {@code Object} - almost always either a
      * String or character array representing passwords (character arrays are often a safer way to represent passwords
      * as they can be cleared/nulled-out after use.  Any argument type supported by
      * {@link ByteSource.Util#isCompatible(Object)} is valid.
      * <p/>
      * Regardless of your choice of using Strings or character arrays to represent submitted passwords, you can wrap
      * either as a {@code ByteSource} by using {@link ByteSource.Util}, for example, when the passwords are captured as
      * Strings:
      * <pre>
      * ByteSource passwordBytes = ByteSource.Util.bytes(submittedPasswordString);
      * Hash hashedPassword = hashingPasswordService.hashPassword(passwordBytes);
      * </pre>
      * or, identically, when captured as a character array:
      * <pre>
      * ByteSource passwordBytes = ByteSource.Util.bytes(submittedPasswordCharacterArray);
      * Hash hashedPassword = hashingPasswordService.hashPassword(passwordBytes);
      * </pre>
      *
      * @param plaintext the raw password as 'byte-backed' object (String, character array, {@link ByteSource},
      *                  etc) usually acquired from your application's 'new user' or 'password reset' workflow.
      * @return the hashed password.
      * @throws IllegalArgumentException if the argument cannot be easily converted to bytes as defined by
      *                                  {@link ByteSource.Util#isCompatible(Object)}.
      * @see ByteSource.Util#isCompatible(Object)
      * @see #encryptPassword(Object)
      */
     Hash hashPassword(Object plaintext) throws IllegalArgumentException;
 
     /**
      * Returns {@code true} if the {@code submittedPlaintext} password matches the existing {@code savedPasswordHash},
      * {@code false} otherwise.  Note that this method is only likely to be used in more complex environments that
      * save hashes in a custom manner.  Most applications will find the
      * {@link #passwordsMatch(Object, String) passwordsMatch(plaintext,string)} method
      * sufficient if {@link #encryptPassword(Object) encrypting passwords as Strings}.
      * <h3>Usage</h3>
      * The {@code submittedPlaintext} argument type can be any 'byte backed' {@code Object} - almost always either a
      * String or character array representing passwords (character arrays are often a safer way to represent passwords
      * as they can be cleared/nulled-out after use.  Any argument type supported by
      * {@link ByteSource.Util#isCompatible(Object)} is valid.
      *
      * @param plaintext a raw/plaintext password submitted by an end user/Subject.
      * @param savedPasswordHash  the previously hashed password known to be associated with an account.
      *                           This value is expected to have been previously generated from the
      *                           {@link #hashPassword(Object) hashPassword} method (typically
      *                           when the account is created or the account's password is reset).
      * @return {@code true} if the {@code plaintext} password matches the existing {@code savedPasswordHash},
      *         {@code false} otherwise.
      */
     boolean passwordsMatch(Object plaintext, Hash savedPasswordHash);
 }

1		/*
2		* Licensed to the Apache Software Foundation (ASF) under one
3		* or more contributor license agreements. See the NOTICE file
4		* distributed with this work for additional information
5		* regarding copyright ownership. The ASF licenses this file
6		* to you under the Apache License, Version 2.0 (the
7		* "License"); you may not use this file except in compliance
8		* with the License. You may obtain a copy of the License at
9		*
10		* http://www.apache.org/licenses/LICENSE-2.0
11		*
12		* Unless required by applicable law or agreed to in writing,
13		* software distributed under the License is distributed on an
14		* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15		* KIND, either express or implied. See the License for the
16		* specific language governing permissions and limitations
17		* under the License.
18		*/
19		package org.apache.shiro.authc.credential;
20
21		import org.apache.shiro.crypto.hash.Hash;
22		import org.apache.shiro.util.ByteSource;
23
24		/**
25		* A {@code HashingPasswordService} is a {@link PasswordService} that performs password encryption and comparisons
26		* based on cryptographic {@link Hash}es.
27		*
28		* @since 1.2
29		*/
30		public interface HashingPasswordService extends PasswordService {
31
32		/**
33		* Hashes the specified plaintext password using internal hashing configuration settings pertinent to password
34		* hashing.
35		* <p/>
36		* Note
37		* that this method is only likely to be used in more complex environments that wish to format and/or save the
38		* returned {@code Hash} object in a custom manner. Most applications will find the
39		* {@link #encryptPassword(Object) encryptPassword} method suitable enough for safety
40		* and ease-of-use.
41		* <h3>Usage</h3>
42		* The input argument type can be any 'byte backed' {@code Object} - almost always either a
43		* String or character array representing passwords (character arrays are often a safer way to represent passwords
44		* as they can be cleared/nulled-out after use. Any argument type supported by
45		* {@link ByteSource.Util#isCompatible(Object)} is valid.
46		* <p/>
47		* Regardless of your choice of using Strings or character arrays to represent submitted passwords, you can wrap
48		* either as a {@code ByteSource} by using {@link ByteSource.Util}, for example, when the passwords are captured as
49		* Strings:
50		* <pre>
51		* ByteSource passwordBytes = ByteSource.Util.bytes(submittedPasswordString);
52		* Hash hashedPassword = hashingPasswordService.hashPassword(passwordBytes);
53		* </pre>
54		* or, identically, when captured as a character array:
55		* <pre>
56		* ByteSource passwordBytes = ByteSource.Util.bytes(submittedPasswordCharacterArray);
57		* Hash hashedPassword = hashingPasswordService.hashPassword(passwordBytes);
58		* </pre>
59		*
60		* @param plaintext the raw password as 'byte-backed' object (String, character array, {@link ByteSource},
61		* etc) usually acquired from your application's 'new user' or 'password reset' workflow.
62		* @return the hashed password.
63		* @throws IllegalArgumentException if the argument cannot be easily converted to bytes as defined by
64		* {@link ByteSource.Util#isCompatible(Object)}.
65		* @see ByteSource.Util#isCompatible(Object)
66		* @see #encryptPassword(Object)
67		*/
68		Hash hashPassword(Object plaintext) throws IllegalArgumentException;
69
70		/**
71		* Returns {@code true} if the {@code submittedPlaintext} password matches the existing {@code savedPasswordHash},
72		* {@code false} otherwise. Note that this method is only likely to be used in more complex environments that
73		* save hashes in a custom manner. Most applications will find the
74		* {@link #passwordsMatch(Object, String) passwordsMatch(plaintext,string)} method
75		* sufficient if {@link #encryptPassword(Object) encrypting passwords as Strings}.
76		* <h3>Usage</h3>
77		* The {@code submittedPlaintext} argument type can be any 'byte backed' {@code Object} - almost always either a
78		* String or character array representing passwords (character arrays are often a safer way to represent passwords
79		* as they can be cleared/nulled-out after use. Any argument type supported by
80		* {@link ByteSource.Util#isCompatible(Object)} is valid.
81		*
82		* @param plaintext a raw/plaintext password submitted by an end user/Subject.
83		* @param savedPasswordHash the previously hashed password known to be associated with an account.
84		* This value is expected to have been previously generated from the
85		* {@link #hashPassword(Object) hashPassword} method (typically
86		* when the account is created or the account's password is reset).
87		* @return {@code true} if the {@code plaintext} password matches the existing {@code savedPasswordHash},
88		* {@code false} otherwise.
89		*/
90		boolean passwordsMatch(Object plaintext, Hash savedPasswordHash);
91		}