| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
| <!--NewPage--> |
| <HTML> |
| <HEAD> |
| <!-- Generated by javadoc (build 1.6.0_65) on Tue Feb 25 18:15:45 EST 2014 --> |
| <META http-equiv="Content-Type" content="text/html; charset=UTF-8"> |
| <TITLE> |
| PasswordService (Apache Shiro 1.2.3 API) |
| </TITLE> |
| |
| <META NAME="date" CONTENT="2014-02-25"> |
| |
| <LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../stylesheet.css" TITLE="Style"> |
| |
| <SCRIPT type="text/javascript"> |
| function windowTitle() |
| { |
| if (location.href.indexOf('is-external=true') == -1) { |
| parent.document.title="PasswordService (Apache Shiro 1.2.3 API)"; |
| } |
| } |
| </SCRIPT> |
| <NOSCRIPT> |
| </NOSCRIPT> |
| |
| </HEAD> |
| |
| <BODY BGCOLOR="white" onload="windowTitle();"> |
| <HR> |
| |
| |
| <!-- ========= START OF TOP NAVBAR ======= --> |
| <A NAME="navbar_top"><!-- --></A> |
| <A HREF="#skip-navbar_top" title="Skip navigation links"></A> |
| <TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY=""> |
| <TR> |
| <TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> |
| <A NAME="navbar_top_firstrow"><!-- --></A> |
| <TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY=""> |
| <TR ALIGN="center" VALIGN="top"> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A> </TD> |
| <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> <FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/PasswordService.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A> </TD> |
| </TR> |
| </TABLE> |
| </TD> |
| <TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM> |
| </EM> |
| </TD> |
| </TR> |
| |
| <TR> |
| <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> |
| <A HREF="../../../../../org/apache/shiro/authc/credential/PasswordMatcher.html" title="class in org.apache.shiro.authc.credential"><B>PREV CLASS</B></A> |
| <A HREF="../../../../../org/apache/shiro/authc/credential/Sha1CredentialsMatcher.html" title="class in org.apache.shiro.authc.credential"><B>NEXT CLASS</B></A></FONT></TD> |
| <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> |
| <A HREF="../../../../../index.html?org/apache/shiro/authc/credential/PasswordService.html" target="_top"><B>FRAMES</B></A> |
| <A HREF="PasswordService.html" target="_top"><B>NO FRAMES</B></A> |
| <SCRIPT type="text/javascript"> |
| <!-- |
| if(window==top) { |
| document.writeln('<A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>'); |
| } |
| //--> |
| </SCRIPT> |
| <NOSCRIPT> |
| <A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A> |
| </NOSCRIPT> |
| |
| |
| </FONT></TD> |
| </TR> |
| <TR> |
| <TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2"> |
| SUMMARY: NESTED | FIELD | CONSTR | <A HREF="#method_summary">METHOD</A></FONT></TD> |
| <TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2"> |
| DETAIL: FIELD | CONSTR | <A HREF="#method_detail">METHOD</A></FONT></TD> |
| </TR> |
| </TABLE> |
| <A NAME="skip-navbar_top"></A> |
| <!-- ========= END OF TOP NAVBAR ========= --> |
| |
| <HR> |
| <!-- ======== START OF CLASS DATA ======== --> |
| <H2> |
| <FONT SIZE="-1"> |
| org.apache.shiro.authc.credential</FONT> |
| <BR> |
| Interface PasswordService</H2> |
| <DL> |
| <DT><B>All Known Subinterfaces:</B> <DD><A HREF="../../../../../org/apache/shiro/authc/credential/HashingPasswordService.html" title="interface in org.apache.shiro.authc.credential">HashingPasswordService</A></DD> |
| </DL> |
| <DL> |
| <DT><B>All Known Implementing Classes:</B> <DD><A HREF="../../../../../org/apache/shiro/authc/credential/DefaultPasswordService.html" title="class in org.apache.shiro.authc.credential">DefaultPasswordService</A></DD> |
| </DL> |
| <HR> |
| <DL> |
| <DT><PRE>public interface <A HREF="../../../../../src-html/org/apache/shiro/authc/credential/PasswordService.html#line.72"><B>PasswordService</B></A></DL> |
| </PRE> |
| |
| <P> |
| A <code>PasswordService</code> supports common use cases when using passwords as a credentials mechanism. |
| <p/> |
| Most importantly, implementations of this interface are expected to employ best-practices to ensure that |
| passwords remain as safe as possible in application environments. |
| <h2>Usage</h2> |
| A <code>PasswordService</code> is used at two different times during an application's lifecycle: |
| <ul> |
| <li>When creating a user account or resetting their password</li> |
| <li>When a user logs in, when passwords must be compared</li> |
| </ul> |
| <h3>Account Creation or Password Reset</h3> |
| Whenever you create a new user account or reset that account's password, we must translate the end-user submitted |
| raw/plaintext password value to a string format that is much safer to store. You do that by calling the |
| <A HREF="../../../../../org/apache/shiro/authc/credential/PasswordService.html#encryptPassword(java.lang.Object)"><CODE>encryptPassword(Object)</CODE></A> method to create the safer value. For |
| example: |
| <pre> |
| String submittedPlaintextPassword = ... |
| String encryptedValue = passwordService.encryptPassword(submittedPlaintextPassword); |
| ... |
| userAccount.setPassword(encryptedValue); |
| userAccount.save(); //create or update to your data store |
| </pre> |
| Be sure to save this encrypted password in your data store and never the original/raw submitted password. |
| <h3>Login Password Comparison</h3> |
| Shiro performs the comparison during login automatically. Along with your <code>PasswordService</code>, you just |
| have to configure a <A HREF="../../../../../org/apache/shiro/authc/credential/PasswordMatcher.html" title="class in org.apache.shiro.authc.credential"><CODE>PasswordMatcher</CODE></A> on a realm that has password-based accounts. During a login attempt, |
| shiro will use the <code>PasswordMatcher</code> and the <code>PasswordService</code> to automatically compare submitted |
| passwords. |
| <p/> |
| For example, if using Shiro's INI, here is how you might configure the PasswordMatcher and PasswordService: |
| <pre> |
| [main] |
| ... |
| passwordService = org.apache.shiro.authc.credential.DefaultPasswordService |
| # configure the passwordService to use the settings you desire |
| ... |
| passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher |
| passwordMatcher.passwordService = $passwordService |
| ... |
| # Finally, set the matcher on a realm that requires password matching for account authentication: |
| myRealm = ... |
| myRealm.credentialsMatcher = $passwordMatcher |
| </pre> |
| <P> |
| |
| <P> |
| <DL> |
| <DT><B>Since:</B></DT> |
| <DD>1.2</DD> |
| <DT><B>See Also:</B><DD><A HREF="../../../../../org/apache/shiro/authc/credential/DefaultPasswordService.html" title="class in org.apache.shiro.authc.credential"><CODE>DefaultPasswordService</CODE></A>, |
| <A HREF="../../../../../org/apache/shiro/authc/credential/PasswordMatcher.html" title="class in org.apache.shiro.authc.credential"><CODE>PasswordMatcher</CODE></A></DL> |
| <HR> |
| |
| <P> |
| |
| <!-- ========== METHOD SUMMARY =========== --> |
| |
| <A NAME="method_summary"><!-- --></A> |
| <TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> |
| <TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> |
| <TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2"> |
| <B>Method Summary</B></FONT></TH> |
| </TR> |
| <TR BGCOLOR="white" CLASS="TableRowColor"> |
| <TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> |
| <CODE> <A HREF="http://java.sun.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A></CODE></FONT></TD> |
| <TD><CODE><B><A HREF="../../../../../org/apache/shiro/authc/credential/PasswordService.html#encryptPassword(java.lang.Object)">encryptPassword</A></B>(<A HREF="http://java.sun.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</A> plaintextPassword)</CODE> |
| |
| <BR> |
| Converts the specified plaintext password (usually acquired from your application's 'new user' or 'password reset' |
| workflow) into a formatted string safe for storage.</TD> |
| </TR> |
| <TR BGCOLOR="white" CLASS="TableRowColor"> |
| <TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1"> |
| <CODE> boolean</CODE></FONT></TD> |
| <TD><CODE><B><A HREF="../../../../../org/apache/shiro/authc/credential/PasswordService.html#passwordsMatch(java.lang.Object, java.lang.String)">passwordsMatch</A></B>(<A HREF="http://java.sun.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</A> submittedPlaintext, |
| <A HREF="http://java.sun.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A> encrypted)</CODE> |
| |
| <BR> |
| Returns <code>true</code> if the <code>submittedPlaintext</code> password matches the existing <code>saved</code> password, |
| <code>false</code> otherwise.</TD> |
| </TR> |
| </TABLE> |
| |
| <P> |
| |
| <!-- ============ METHOD DETAIL ========== --> |
| |
| <A NAME="method_detail"><!-- --></A> |
| <TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY=""> |
| <TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor"> |
| <TH ALIGN="left" COLSPAN="1"><FONT SIZE="+2"> |
| <B>Method Detail</B></FONT></TH> |
| </TR> |
| </TABLE> |
| |
| <A NAME="encryptPassword(java.lang.Object)"><!-- --></A><H3> |
| encryptPassword</H3> |
| <PRE> |
| <A HREF="http://java.sun.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A> <A HREF="../../../../../src-html/org/apache/shiro/authc/credential/PasswordService.html#line.115"><B>encryptPassword</B></A>(<A HREF="http://java.sun.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</A> plaintextPassword) |
| throws <A HREF="http://java.sun.com/javase/6/docs/api/java/lang/IllegalArgumentException.html?is-external=true" title="class or interface in java.lang">IllegalArgumentException</A></PRE> |
| <DL> |
| <DD>Converts the specified plaintext password (usually acquired from your application's 'new user' or 'password reset' |
| workflow) into a formatted string safe for storage. The returned string can be safely saved with the |
| corresponding user account record (e.g. as a 'password' attribute). |
| <p/> |
| It is expected that the String returned from this method will be presented to the |
| <A HREF="../../../../../org/apache/shiro/authc/credential/PasswordService.html#passwordsMatch(java.lang.Object, java.lang.String)"><CODE>passwordsMatch(plaintext,encrypted)</CODE></A> method when performing a |
| password comparison check. |
| <h3>Usage</h3> |
| The input argument type can be any 'byte backed' <code>Object</code> - almost always either a |
| String or character array representing passwords (character arrays are often a safer way to represent passwords |
| as they can be cleared/nulled-out after use. Any argument type supported by |
| <CODE>ByteSource.Util#isCompatible(Object)</CODE> is valid. |
| <p/> |
| For example: |
| <pre> |
| String rawPassword = ... |
| String encryptedValue = passwordService.encryptPassword(rawPassword); |
| </pre> |
| or, identically: |
| <pre> |
| char[] rawPasswordChars = ... |
| String encryptedValue = passwordService.encryptPassword(rawPasswordChars); |
| </pre> |
| <p/> |
| The resulting <code>encryptedValue</code> should be stored with the account to be retrieved later during a |
| login attempt. For example: |
| <pre> |
| String encryptedValue = passwordService.encryptPassword(rawPassword); |
| ... |
| userAccount.setPassword(encryptedValue); |
| userAccount.save(); //create or update to your data store |
| </pre> |
| <P> |
| <DD><DL> |
| <DT><B>Parameters:</B><DD><CODE>plaintextPassword</CODE> - the raw password as 'byte-backed' object (String, character array, <A HREF="../../../../../org/apache/shiro/util/ByteSource.html" title="interface in org.apache.shiro.util"><CODE>ByteSource</CODE></A>, |
| etc) usually acquired from your application's 'new user' or 'password reset' workflow. |
| <DT><B>Returns:</B><DD>the encrypted password, formatted for storage. |
| <DT><B>Throws:</B> |
| <DD><CODE><A HREF="http://java.sun.com/javase/6/docs/api/java/lang/IllegalArgumentException.html?is-external=true" title="class or interface in java.lang">IllegalArgumentException</A></CODE> - if the argument cannot be easily converted to bytes as defined by |
| <CODE>ByteSource.Util#isCompatible(Object)</CODE>.<DT><B>See Also:</B><DD><CODE>ByteSource.Util#isCompatible(Object)</CODE></DL> |
| </DD> |
| </DL> |
| <HR> |
| |
| <A NAME="passwordsMatch(java.lang.Object, java.lang.String)"><!-- --></A><H3> |
| passwordsMatch</H3> |
| <PRE> |
| boolean <A HREF="../../../../../src-html/org/apache/shiro/authc/credential/PasswordService.html#line.146"><B>passwordsMatch</B></A>(<A HREF="http://java.sun.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</A> submittedPlaintext, |
| <A HREF="http://java.sun.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A> encrypted)</PRE> |
| <DL> |
| <DD>Returns <code>true</code> if the <code>submittedPlaintext</code> password matches the existing <code>saved</code> password, |
| <code>false</code> otherwise. |
| <h3>Usage</h3> |
| The <code>submittedPlaintext</code> argument type can be any 'byte backed' <code>Object</code> - almost always either a |
| String or character array representing passwords (character arrays are often a safer way to represent passwords |
| as they can be cleared/nulled-out after use. Any argument type supported by |
| <CODE>ByteSource.Util#isCompatible(Object)</CODE> is valid. |
| <p/> |
| For example: |
| <pre> |
| String submittedPassword = ... |
| passwordService.passwordsMatch(submittedPassword, encryptedPassword); |
| </pre> |
| or similarly: |
| <pre> |
| char[] submittedPasswordCharacters = ... |
| passwordService.passwordsMatch(submittedPasswordCharacters, encryptedPassword); |
| </pre> |
| <P> |
| <DD><DL> |
| <DT><B>Parameters:</B><DD><CODE>submittedPlaintext</CODE> - a raw/plaintext password submitted by an end user/Subject.<DD><CODE>encrypted</CODE> - the previously encrypted password known to be associated with an account. |
| This value is expected to have been previously generated from the |
| <A HREF="../../../../../org/apache/shiro/authc/credential/PasswordService.html#encryptPassword(java.lang.Object)"><CODE>encryptPassword</CODE></A> method (typically |
| when the account is created or the account's password is reset). |
| <DT><B>Returns:</B><DD><code>true</code> if the <code>submittedPlaintext</code> password matches the existing <code>saved</code> password, |
| <code>false</code> otherwise.<DT><B>See Also:</B><DD><CODE>ByteSource.Util#isCompatible(Object)</CODE></DL> |
| </DD> |
| </DL> |
| <!-- ========= END OF CLASS DATA ========= --> |
| <HR> |
| |
| |
| <!-- ======= START OF BOTTOM NAVBAR ====== --> |
| <A NAME="navbar_bottom"><!-- --></A> |
| <A HREF="#skip-navbar_bottom" title="Skip navigation links"></A> |
| <TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY=""> |
| <TR> |
| <TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> |
| <A NAME="navbar_bottom_firstrow"><!-- --></A> |
| <TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY=""> |
| <TR ALIGN="center" VALIGN="top"> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A> </TD> |
| <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> <FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/PasswordService.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A> </TD> |
| <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A> </TD> |
| </TR> |
| </TABLE> |
| </TD> |
| <TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM> |
| </EM> |
| </TD> |
| </TR> |
| |
| <TR> |
| <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> |
| <A HREF="../../../../../org/apache/shiro/authc/credential/PasswordMatcher.html" title="class in org.apache.shiro.authc.credential"><B>PREV CLASS</B></A> |
| <A HREF="../../../../../org/apache/shiro/authc/credential/Sha1CredentialsMatcher.html" title="class in org.apache.shiro.authc.credential"><B>NEXT CLASS</B></A></FONT></TD> |
| <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2"> |
| <A HREF="../../../../../index.html?org/apache/shiro/authc/credential/PasswordService.html" target="_top"><B>FRAMES</B></A> |
| <A HREF="PasswordService.html" target="_top"><B>NO FRAMES</B></A> |
| <SCRIPT type="text/javascript"> |
| <!-- |
| if(window==top) { |
| document.writeln('<A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>'); |
| } |
| //--> |
| </SCRIPT> |
| <NOSCRIPT> |
| <A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A> |
| </NOSCRIPT> |
| |
| |
| </FONT></TD> |
| </TR> |
| <TR> |
| <TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2"> |
| SUMMARY: NESTED | FIELD | CONSTR | <A HREF="#method_summary">METHOD</A></FONT></TD> |
| <TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2"> |
| DETAIL: FIELD | CONSTR | <A HREF="#method_detail">METHOD</A></FONT></TD> |
| </TR> |
| </TABLE> |
| <A NAME="skip-navbar_bottom"></A> |
| <!-- ======== END OF BOTTOM NAVBAR ======= --> |
| |
| <HR> |
| Copyright © 2004-2014 <a href="http://www.apache.org/">The Apache Software Foundation</a>. All Rights Reserved. |
| </BODY> |
| </HTML> |