Google Git
Sign in
apache / shiro-site / 01016f43374d9b054f3ea1e568b015d5d69428f9 / . / src / site / assets / static / 1.8.0 / shiro-core / apidocs / src-html / org / apache / shiro / authc / credential / SimpleCredentialsMatcher.html
blob: 5b9c2377bea05a68df811207a07b001624607bbb [file] [log] [blame]
<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Source code</title>
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
</head>
<body>
<main role="main">
<div class="sourceContainer">
<pre><span class="sourceLineNo">001</span><a id="line.1">/*</a>
<span class="sourceLineNo">002</span><a id="line.2"> * Licensed to the Apache Software Foundation (ASF) under one</a>
<span class="sourceLineNo">003</span><a id="line.3"> * or more contributor license agreements. See the NOTICE file</a>
<span class="sourceLineNo">004</span><a id="line.4"> * distributed with this work for additional information</a>
<span class="sourceLineNo">005</span><a id="line.5"> * regarding copyright ownership. The ASF licenses this file</a>
<span class="sourceLineNo">006</span><a id="line.6"> * to you under the Apache License, Version 2.0 (the</a>
<span class="sourceLineNo">007</span><a id="line.7"> * "License"); you may not use this file except in compliance</a>
<span class="sourceLineNo">008</span><a id="line.8"> * with the License. You may obtain a copy of the License at</a>
<span class="sourceLineNo">009</span><a id="line.9"> *</a>
<span class="sourceLineNo">010</span><a id="line.10"> * http://www.apache.org/licenses/LICENSE-2.0</a>
<span class="sourceLineNo">011</span><a id="line.11"> *</a>
<span class="sourceLineNo">012</span><a id="line.12"> * Unless required by applicable law or agreed to in writing,</a>
<span class="sourceLineNo">013</span><a id="line.13"> * software distributed under the License is distributed on an</a>
<span class="sourceLineNo">014</span><a id="line.14"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</a>
<span class="sourceLineNo">015</span><a id="line.15"> * KIND, either express or implied. See the License for the</a>
<span class="sourceLineNo">016</span><a id="line.16"> * specific language governing permissions and limitations</a>
<span class="sourceLineNo">017</span><a id="line.17"> * under the License.</a>
<span class="sourceLineNo">018</span><a id="line.18"> */</a>
<span class="sourceLineNo">019</span><a id="line.19">package org.apache.shiro.authc.credential;</a>
<span class="sourceLineNo">020</span><a id="line.20"></a>
<span class="sourceLineNo">021</span><a id="line.21">import org.apache.shiro.authc.AuthenticationInfo;</a>
<span class="sourceLineNo">022</span><a id="line.22">import org.apache.shiro.authc.AuthenticationToken;</a>
<span class="sourceLineNo">023</span><a id="line.23">import org.apache.shiro.codec.CodecSupport;</a>
<span class="sourceLineNo">024</span><a id="line.24">import org.slf4j.Logger;</a>
<span class="sourceLineNo">025</span><a id="line.25">import org.slf4j.LoggerFactory;</a>
<span class="sourceLineNo">026</span><a id="line.26"></a>
<span class="sourceLineNo">027</span><a id="line.27">import java.security.MessageDigest;</a>
<span class="sourceLineNo">028</span><a id="line.28">import java.util.Arrays;</a>
<span class="sourceLineNo">029</span><a id="line.29"></a>
<span class="sourceLineNo">030</span><a id="line.30"></a>
<span class="sourceLineNo">031</span><a id="line.31">/**</a>
<span class="sourceLineNo">032</span><a id="line.32"> * Simple CredentialsMatcher implementation. Supports direct (plain) comparison for credentials of type</a>
<span class="sourceLineNo">033</span><a id="line.33"> * byte[], char[], and Strings, and if the arguments do not match these types, then reverts back to simple</a>
<span class="sourceLineNo">034</span><a id="line.34"> * &lt;code&gt;Object.equals&lt;/code&gt; comparison.</a>
<span class="sourceLineNo">035</span><a id="line.35"> * &lt;p/&gt;</a>
<span class="sourceLineNo">036</span><a id="line.36"> * &lt;p&gt;Hashing comparisons (the most common technique used in secure applications) are not supported by this class, but</a>
<span class="sourceLineNo">037</span><a id="line.37"> * instead by the {@link org.apache.shiro.authc.credential.HashedCredentialsMatcher HashedCredentialsMatcher}.</a>
<span class="sourceLineNo">038</span><a id="line.38"> *</a>
<span class="sourceLineNo">039</span><a id="line.39"> * @see org.apache.shiro.authc.credential.HashedCredentialsMatcher</a>
<span class="sourceLineNo">040</span><a id="line.40"> * @since 0.9</a>
<span class="sourceLineNo">041</span><a id="line.41"> */</a>
<span class="sourceLineNo">042</span><a id="line.42">public class SimpleCredentialsMatcher extends CodecSupport implements CredentialsMatcher {</a>
<span class="sourceLineNo">043</span><a id="line.43"></a>
<span class="sourceLineNo">044</span><a id="line.44"> private static final Logger log = LoggerFactory.getLogger(SimpleCredentialsMatcher.class);</a>
<span class="sourceLineNo">045</span><a id="line.45"></a>
<span class="sourceLineNo">046</span><a id="line.46"> /**</a>
<span class="sourceLineNo">047</span><a id="line.47"> * Returns the {@code token}'s credentials.</a>
<span class="sourceLineNo">048</span><a id="line.48"> * &lt;p/&gt;</a>
<span class="sourceLineNo">049</span><a id="line.49"> * &lt;p&gt;This default implementation merely returns</a>
<span class="sourceLineNo">050</span><a id="line.50"> * {@link AuthenticationToken#getCredentials() authenticationToken.getCredentials()} and exists as a template hook</a>
<span class="sourceLineNo">051</span><a id="line.51"> * if subclasses wish to obtain the credentials in a different way or convert them to a different format before</a>
<span class="sourceLineNo">052</span><a id="line.52"> * returning.</a>
<span class="sourceLineNo">053</span><a id="line.53"> *</a>
<span class="sourceLineNo">054</span><a id="line.54"> * @param token the {@code AuthenticationToken} submitted during the authentication attempt.</a>
<span class="sourceLineNo">055</span><a id="line.55"> * @return the {@code token}'s associated credentials.</a>
<span class="sourceLineNo">056</span><a id="line.56"> */</a>
<span class="sourceLineNo">057</span><a id="line.57"> protected Object getCredentials(AuthenticationToken token) {</a>
<span class="sourceLineNo">058</span><a id="line.58"> return token.getCredentials();</a>
<span class="sourceLineNo">059</span><a id="line.59"> }</a>
<span class="sourceLineNo">060</span><a id="line.60"></a>
<span class="sourceLineNo">061</span><a id="line.61"> /**</a>
<span class="sourceLineNo">062</span><a id="line.62"> * Returns the {@code account}'s credentials.</a>
<span class="sourceLineNo">063</span><a id="line.63"> * &lt;p/&gt;</a>
<span class="sourceLineNo">064</span><a id="line.64"> * &lt;p&gt;This default implementation merely returns</a>
<span class="sourceLineNo">065</span><a id="line.65"> * {@link AuthenticationInfo#getCredentials() account.getCredentials()} and exists as a template hook if subclasses</a>
<span class="sourceLineNo">066</span><a id="line.66"> * wish to obtain the credentials in a different way or convert them to a different format before</a>
<span class="sourceLineNo">067</span><a id="line.67"> * returning.</a>
<span class="sourceLineNo">068</span><a id="line.68"> *</a>
<span class="sourceLineNo">069</span><a id="line.69"> * @param info the {@code AuthenticationInfo} stored in the data store to be compared against the submitted authentication</a>
<span class="sourceLineNo">070</span><a id="line.70"> * token's credentials.</a>
<span class="sourceLineNo">071</span><a id="line.71"> * @return the {@code account}'s associated credentials.</a>
<span class="sourceLineNo">072</span><a id="line.72"> */</a>
<span class="sourceLineNo">073</span><a id="line.73"> protected Object getCredentials(AuthenticationInfo info) {</a>
<span class="sourceLineNo">074</span><a id="line.74"> return info.getCredentials();</a>
<span class="sourceLineNo">075</span><a id="line.75"> }</a>
<span class="sourceLineNo">076</span><a id="line.76"></a>
<span class="sourceLineNo">077</span><a id="line.77"> /**</a>
<span class="sourceLineNo">078</span><a id="line.78"> * Returns {@code true} if the {@code tokenCredentials} argument is logically equal to the</a>
<span class="sourceLineNo">079</span><a id="line.79"> * {@code accountCredentials} argument.</a>
<span class="sourceLineNo">080</span><a id="line.80"> * &lt;p/&gt;</a>
<span class="sourceLineNo">081</span><a id="line.81"> * &lt;p&gt;If both arguments are either a byte array (byte[]), char array (char[]) or String, they will be both be</a>
<span class="sourceLineNo">082</span><a id="line.82"> * converted to raw byte arrays via the {@link #toBytes toBytes} method first, and then resulting byte arrays</a>
<span class="sourceLineNo">083</span><a id="line.83"> * are compared via {@link Arrays#equals(byte[], byte[]) Arrays.equals(byte[],byte[])}.&lt;/p&gt;</a>
<span class="sourceLineNo">084</span><a id="line.84"> * &lt;p/&gt;</a>
<span class="sourceLineNo">085</span><a id="line.85"> * &lt;p&gt;If either argument cannot be converted to a byte array as described, a simple Object &lt;code&gt;equals&lt;/code&gt;</a>
<span class="sourceLineNo">086</span><a id="line.86"> * comparison is made.&lt;/p&gt;</a>
<span class="sourceLineNo">087</span><a id="line.87"> * &lt;p/&gt;</a>
<span class="sourceLineNo">088</span><a id="line.88"> * &lt;p&gt;Subclasses should override this method for more explicit equality checks.</a>
<span class="sourceLineNo">089</span><a id="line.89"> *</a>
<span class="sourceLineNo">090</span><a id="line.90"> * @param tokenCredentials the {@code AuthenticationToken}'s associated credentials.</a>
<span class="sourceLineNo">091</span><a id="line.91"> * @param accountCredentials the {@code AuthenticationInfo}'s stored credentials.</a>
<span class="sourceLineNo">092</span><a id="line.92"> * @return {@code true} if the {@code tokenCredentials} are equal to the {@code accountCredentials}.</a>
<span class="sourceLineNo">093</span><a id="line.93"> */</a>
<span class="sourceLineNo">094</span><a id="line.94"> protected boolean equals(Object tokenCredentials, Object accountCredentials) {</a>
<span class="sourceLineNo">095</span><a id="line.95"> if (log.isDebugEnabled()) {</a>
<span class="sourceLineNo">096</span><a id="line.96"> log.debug("Performing credentials equality check for tokenCredentials of type [" +</a>
<span class="sourceLineNo">097</span><a id="line.97"> tokenCredentials.getClass().getName() + " and accountCredentials of type [" +</a>
<span class="sourceLineNo">098</span><a id="line.98"> accountCredentials.getClass().getName() + "]");</a>
<span class="sourceLineNo">099</span><a id="line.99"> }</a>
<span class="sourceLineNo">100</span><a id="line.100"> if (isByteSource(tokenCredentials) &amp;&amp; isByteSource(accountCredentials)) {</a>
<span class="sourceLineNo">101</span><a id="line.101"> if (log.isDebugEnabled()) {</a>
<span class="sourceLineNo">102</span><a id="line.102"> log.debug("Both credentials arguments can be easily converted to byte arrays. Performing " +</a>
<span class="sourceLineNo">103</span><a id="line.103"> "array equals comparison");</a>
<span class="sourceLineNo">104</span><a id="line.104"> }</a>
<span class="sourceLineNo">105</span><a id="line.105"> byte[] tokenBytes = toBytes(tokenCredentials);</a>
<span class="sourceLineNo">106</span><a id="line.106"> byte[] accountBytes = toBytes(accountCredentials);</a>
<span class="sourceLineNo">107</span><a id="line.107"> return MessageDigest.isEqual(tokenBytes, accountBytes);</a>
<span class="sourceLineNo">108</span><a id="line.108"> } else {</a>
<span class="sourceLineNo">109</span><a id="line.109"> return accountCredentials.equals(tokenCredentials);</a>
<span class="sourceLineNo">110</span><a id="line.110"> }</a>
<span class="sourceLineNo">111</span><a id="line.111"> }</a>
<span class="sourceLineNo">112</span><a id="line.112"></a>
<span class="sourceLineNo">113</span><a id="line.113"> /**</a>
<span class="sourceLineNo">114</span><a id="line.114"> * This implementation acquires the {@code token}'s credentials</a>
<span class="sourceLineNo">115</span><a id="line.115"> * (via {@link #getCredentials(AuthenticationToken) getCredentials(token)})</a>
<span class="sourceLineNo">116</span><a id="line.116"> * and then the {@code account}'s credentials</a>
<span class="sourceLineNo">117</span><a id="line.117"> * (via {@link #getCredentials(org.apache.shiro.authc.AuthenticationInfo) getCredentials(account)}) and then passes both of</a>
<span class="sourceLineNo">118</span><a id="line.118"> * them to the {@link #equals(Object,Object) equals(tokenCredentials, accountCredentials)} method for equality</a>
<span class="sourceLineNo">119</span><a id="line.119"> * comparison.</a>
<span class="sourceLineNo">120</span><a id="line.120"> *</a>
<span class="sourceLineNo">121</span><a id="line.121"> * @param token the {@code AuthenticationToken} submitted during the authentication attempt.</a>
<span class="sourceLineNo">122</span><a id="line.122"> * @param info the {@code AuthenticationInfo} stored in the system matching the token principal.</a>
<span class="sourceLineNo">123</span><a id="line.123"> * @return {@code true} if the provided token credentials are equal to the stored account credentials,</a>
<span class="sourceLineNo">124</span><a id="line.124"> * {@code false} otherwise</a>
<span class="sourceLineNo">125</span><a id="line.125"> */</a>
<span class="sourceLineNo">126</span><a id="line.126"> public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {</a>
<span class="sourceLineNo">127</span><a id="line.127"> Object tokenCredentials = getCredentials(token);</a>
<span class="sourceLineNo">128</span><a id="line.128"> Object accountCredentials = getCredentials(info);</a>
<span class="sourceLineNo">129</span><a id="line.129"> return equals(tokenCredentials, accountCredentials);</a>
<span class="sourceLineNo">130</span><a id="line.130"> }</a>
<span class="sourceLineNo">131</span><a id="line.131"></a>
<span class="sourceLineNo">132</span><a id="line.132">}</a>
</pre>
</div>
</main>
</body>
</html>