Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
PasswordService |
|
| 1.0;1 |
1 | /* | |
2 | * Licensed to the Apache Software Foundation (ASF) under one | |
3 | * or more contributor license agreements. See the NOTICE file | |
4 | * distributed with this work for additional information | |
5 | * regarding copyright ownership. The ASF licenses this file | |
6 | * to you under the Apache License, Version 2.0 (the | |
7 | * "License"); you may not use this file except in compliance | |
8 | * with the License. You may obtain a copy of the License at | |
9 | * | |
10 | * http://www.apache.org/licenses/LICENSE-2.0 | |
11 | * | |
12 | * Unless required by applicable law or agreed to in writing, | |
13 | * software distributed under the License is distributed on an | |
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
15 | * KIND, either express or implied. See the License for the | |
16 | * specific language governing permissions and limitations | |
17 | * under the License. | |
18 | */ | |
19 | package org.apache.shiro.authc.credential; | |
20 | ||
21 | import org.apache.shiro.util.ByteSource; | |
22 | ||
23 | /** | |
24 | * A {@code PasswordService} supports common use cases when using passwords as a credentials mechanism. | |
25 | * <p/> | |
26 | * Most importantly, implementations of this interface are expected to employ best-practices to ensure that | |
27 | * passwords remain as safe as possible in application environments. | |
28 | * <h2>Usage</h2> | |
29 | * A {@code PasswordService} is used at two different times during an application's lifecycle: | |
30 | * <ul> | |
31 | * <li>When creating a user account or resetting their password</li> | |
32 | * <li>When a user logs in, when passwords must be compared</li> | |
33 | * </ul> | |
34 | * <h3>Account Creation or Password Reset</h3> | |
35 | * Whenever you create a new user account or reset that account's password, we must translate the end-user submitted | |
36 | * raw/plaintext password value to a string format that is much safer to store. You do that by calling the | |
37 | * {@link #encryptPassword(Object)} method to create the safer value. For | |
38 | * example: | |
39 | * <pre> | |
40 | * String submittedPlaintextPassword = ... | |
41 | * String encryptedValue = passwordService.encryptPassword(submittedPlaintextPassword); | |
42 | * ... | |
43 | * userAccount.setPassword(encryptedValue); | |
44 | * userAccount.save(); //create or update to your data store | |
45 | * </pre> | |
46 | * Be sure to save this encrypted password in your data store and never the original/raw submitted password. | |
47 | * <h3>Login Password Comparison</h3> | |
48 | * Shiro performs the comparison during login automatically. Along with your {@code PasswordService}, you just | |
49 | * have to configure a {@link PasswordMatcher} on a realm that has password-based accounts. During a login attempt, | |
50 | * shiro will use the {@code PasswordMatcher} and the {@code PasswordService} to automatically compare submitted | |
51 | * passwords. | |
52 | * <p/> | |
53 | * For example, if using Shiro's INI, here is how you might configure the PasswordMatcher and PasswordService: | |
54 | * <pre> | |
55 | * [main] | |
56 | * ... | |
57 | * passwordService = org.apache.shiro.authc.credential.DefaultPasswordService | |
58 | * # configure the passwordService to use the settings you desire | |
59 | * ... | |
60 | * passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher | |
61 | * passwordMatcher.passwordService = $passwordService | |
62 | * ... | |
63 | * # Finally, set the matcher on a realm that requires password matching for account authentication: | |
64 | * myRealm = ... | |
65 | * myRealm.credentialsMatcher = $passwordMatcher | |
66 | * </pre> | |
67 | * | |
68 | * @see DefaultPasswordService | |
69 | * @see PasswordMatcher | |
70 | * @since 1.2 | |
71 | */ | |
72 | public interface PasswordService { | |
73 | ||
74 | /** | |
75 | * Converts the specified plaintext password (usually acquired from your application's 'new user' or 'password reset' | |
76 | * workflow) into a formatted string safe for storage. The returned string can be safely saved with the | |
77 | * corresponding user account record (e.g. as a 'password' attribute). | |
78 | * <p/> | |
79 | * It is expected that the String returned from this method will be presented to the | |
80 | * {@link #passwordsMatch(Object, String) passwordsMatch(plaintext,encrypted)} method when performing a | |
81 | * password comparison check. | |
82 | * <h3>Usage</h3> | |
83 | * The input argument type can be any 'byte backed' {@code Object} - almost always either a | |
84 | * String or character array representing passwords (character arrays are often a safer way to represent passwords | |
85 | * as they can be cleared/nulled-out after use. Any argument type supported by | |
86 | * {@link ByteSource.Util#isCompatible(Object)} is valid. | |
87 | * <p/> | |
88 | * For example: | |
89 | * <pre> | |
90 | * String rawPassword = ... | |
91 | * String encryptedValue = passwordService.encryptPassword(rawPassword); | |
92 | * </pre> | |
93 | * or, identically: | |
94 | * <pre> | |
95 | * char[] rawPasswordChars = ... | |
96 | * String encryptedValue = passwordService.encryptPassword(rawPasswordChars); | |
97 | * </pre> | |
98 | * <p/> | |
99 | * The resulting {@code encryptedValue} should be stored with the account to be retrieved later during a | |
100 | * login attempt. For example: | |
101 | * <pre> | |
102 | * String encryptedValue = passwordService.encryptPassword(rawPassword); | |
103 | * ... | |
104 | * userAccount.setPassword(encryptedValue); | |
105 | * userAccount.save(); //create or update to your data store | |
106 | * </pre> | |
107 | * | |
108 | * @param plaintextPassword the raw password as 'byte-backed' object (String, character array, {@link ByteSource}, | |
109 | * etc) usually acquired from your application's 'new user' or 'password reset' workflow. | |
110 | * @return the encrypted password, formatted for storage. | |
111 | * @throws IllegalArgumentException if the argument cannot be easily converted to bytes as defined by | |
112 | * {@link ByteSource.Util#isCompatible(Object)}. | |
113 | * @see ByteSource.Util#isCompatible(Object) | |
114 | */ | |
115 | String encryptPassword(Object plaintextPassword) throws IllegalArgumentException; | |
116 | ||
117 | /** | |
118 | * Returns {@code true} if the {@code submittedPlaintext} password matches the existing {@code saved} password, | |
119 | * {@code false} otherwise. | |
120 | * <h3>Usage</h3> | |
121 | * The {@code submittedPlaintext} argument type can be any 'byte backed' {@code Object} - almost always either a | |
122 | * String or character array representing passwords (character arrays are often a safer way to represent passwords | |
123 | * as they can be cleared/nulled-out after use. Any argument type supported by | |
124 | * {@link ByteSource.Util#isCompatible(Object)} is valid. | |
125 | * <p/> | |
126 | * For example: | |
127 | * <pre> | |
128 | * String submittedPassword = ... | |
129 | * passwordService.passwordsMatch(submittedPassword, encryptedPassword); | |
130 | * </pre> | |
131 | * or similarly: | |
132 | * <pre> | |
133 | * char[] submittedPasswordCharacters = ... | |
134 | * passwordService.passwordsMatch(submittedPasswordCharacters, encryptedPassword); | |
135 | * </pre> | |
136 | * | |
137 | * @param submittedPlaintext a raw/plaintext password submitted by an end user/Subject. | |
138 | * @param encrypted the previously encrypted password known to be associated with an account. | |
139 | * This value is expected to have been previously generated from the | |
140 | * {@link #encryptPassword(Object) encryptPassword} method (typically | |
141 | * when the account is created or the account's password is reset). | |
142 | * @return {@code true} if the {@code submittedPlaintext} password matches the existing {@code saved} password, | |
143 | * {@code false} otherwise. | |
144 | * @see ByteSource.Util#isCompatible(Object) | |
145 | */ | |
146 | boolean passwordsMatch(Object submittedPlaintext, String encrypted); | |
147 | } |