| <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../../jacoco-resources/report.css" type="text/css"/><link rel="shortcut icon" href="../../jacoco-resources/report.gif" type="image/gif"/><title>PasswordMatcher.java</title><link rel="stylesheet" href="../../jacoco-resources/prettify.css" type="text/css"/><script type="text/javascript" src="../../jacoco-resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../../jacoco-sessions.html" class="el_session">Sessions</a></span><a href="../../index.html" class="el_report">Apache Shiro :: All (aggregate jar)</a> > <a href="../index.html" class="el_bundle">shiro-core</a> > <a href="index.source.html" class="el_package">org.apache.shiro.authc.credential</a> > <span class="el_source">PasswordMatcher.java</span></div><h1>PasswordMatcher.java</h1><pre class="source lang-java linenums">/* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.shiro.authc.credential; |
| |
| import org.apache.shiro.authc.AuthenticationInfo; |
| import org.apache.shiro.authc.AuthenticationToken; |
| import org.apache.shiro.crypto.hash.Hash; |
| |
| /** |
| * A {@link CredentialsMatcher} that employs best-practices comparisons for hashed text passwords. |
| * <p/> |
| * This implementation delegates to an internal {@link PasswordService} to perform the actual password |
| * comparison. This class is essentially a bridge between the generic CredentialsMatcher interface and the |
| * more specific {@code PasswordService} component. |
| * |
| * @since 1.2 |
| */ |
| public class PasswordMatcher implements CredentialsMatcher { |
| |
| private PasswordService passwordService; |
| |
| <span class="fc" id="L38"> public PasswordMatcher() {</span> |
| <span class="fc" id="L39"> this.passwordService = new DefaultPasswordService();</span> |
| <span class="fc" id="L40"> }</span> |
| |
| public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) { |
| |
| <span class="fc" id="L44"> PasswordService service = ensurePasswordService();</span> |
| |
| <span class="fc" id="L46"> Object submittedPassword = getSubmittedPassword(token);</span> |
| <span class="fc" id="L47"> Object storedCredentials = getStoredPassword(info);</span> |
| <span class="fc" id="L48"> assertStoredCredentialsType(storedCredentials);</span> |
| |
| <span class="fc bfc" id="L50" title="All 2 branches covered."> if (storedCredentials instanceof Hash) {</span> |
| <span class="fc" id="L51"> Hash hashedPassword = (Hash)storedCredentials;</span> |
| <span class="fc" id="L52"> HashingPasswordService hashingService = assertHashingPasswordService(service);</span> |
| <span class="fc" id="L53"> return hashingService.passwordsMatch(submittedPassword, hashedPassword);</span> |
| } |
| //otherwise they are a String (asserted in the 'assertStoredCredentialsType' method call above): |
| <span class="fc" id="L56"> String formatted = (String)storedCredentials;</span> |
| <span class="fc" id="L57"> return passwordService.passwordsMatch(submittedPassword, formatted);</span> |
| } |
| |
| private HashingPasswordService assertHashingPasswordService(PasswordService service) { |
| <span class="fc bfc" id="L61" title="All 2 branches covered."> if (service instanceof HashingPasswordService) {</span> |
| <span class="fc" id="L62"> return (HashingPasswordService) service;</span> |
| } |
| <span class="fc" id="L64"> String msg = "AuthenticationInfo's stored credentials are a Hash instance, but the " +</span> |
| "configured passwordService is not a " + |
| <span class="fc" id="L66"> HashingPasswordService.class.getName() + " instance. This is required to perform Hash " +</span> |
| "object password comparisons."; |
| <span class="fc" id="L68"> throw new IllegalStateException(msg);</span> |
| } |
| |
| private PasswordService ensurePasswordService() { |
| <span class="fc" id="L72"> PasswordService service = getPasswordService();</span> |
| <span class="fc bfc" id="L73" title="All 2 branches covered."> if (service == null) {</span> |
| <span class="fc" id="L74"> String msg = "Required PasswordService has not been configured.";</span> |
| <span class="fc" id="L75"> throw new IllegalStateException(msg);</span> |
| } |
| <span class="fc" id="L77"> return service;</span> |
| } |
| |
| protected Object getSubmittedPassword(AuthenticationToken token) { |
| <span class="pc bpc" id="L81" title="1 of 2 branches missed."> return token != null ? token.getCredentials() : null;</span> |
| } |
| |
| private void assertStoredCredentialsType(Object credentials) { |
| <span class="fc bfc" id="L85" title="All 4 branches covered."> if (credentials instanceof String || credentials instanceof Hash) {</span> |
| <span class="fc" id="L86"> return;</span> |
| } |
| |
| <span class="fc" id="L89"> String msg = "Stored account credentials are expected to be either a " +</span> |
| <span class="fc" id="L90"> Hash.class.getName() + " instance or a formatted hash String.";</span> |
| <span class="fc" id="L91"> throw new IllegalArgumentException(msg);</span> |
| } |
| |
| protected Object getStoredPassword(AuthenticationInfo storedAccountInfo) { |
| <span class="pc bpc" id="L95" title="1 of 2 branches missed."> Object stored = storedAccountInfo != null ? storedAccountInfo.getCredentials() : null;</span> |
| //fix for https://issues.apache.org/jira/browse/SHIRO-363 |
| <span class="fc bfc" id="L97" title="All 2 branches covered."> if (stored instanceof char[]) {</span> |
| <span class="fc" id="L98"> stored = new String((char[])stored);</span> |
| } |
| <span class="fc" id="L100"> return stored;</span> |
| } |
| |
| public PasswordService getPasswordService() { |
| <span class="fc" id="L104"> return passwordService;</span> |
| } |
| |
| public void setPasswordService(PasswordService passwordService) { |
| <span class="fc" id="L108"> this.passwordService = passwordService;</span> |
| <span class="fc" id="L109"> }</span> |
| } |
| </pre><div class="footer"><span class="right">Created with <a href="http://www.eclemma.org/jacoco">JaCoCo</a> 0.7.7.201606060606</span></div></body></html> |