<!DOCTYPE HTML>
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc -->
<title>PasswordService (Apache Shiro 1.9.1 API)</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="Style">
<link rel="stylesheet" type="text/css" href="../../../../../jquery/jquery-ui.css" title="Style">
<script type="text/javascript" src="../../../../../script.js"></script>
<script type="text/javascript" src="../../../../../jquery/jszip/dist/jszip.min.js"></script>
<script type="text/javascript" src="../../../../../jquery/jszip-utils/dist/jszip-utils.min.js"></script>
<!--[if IE]>
<script type="text/javascript" src="../../../../../jquery/jszip-utils/dist/jszip-utils-ie.min.js"></script>
<![endif]-->
<script type="text/javascript" src="../../../../../jquery/jquery-3.5.1.js"></script>
<script type="text/javascript" src="../../../../../jquery/jquery-ui.js"></script>
</head>
<body>
<script type="text/javascript"><!--
try {
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="PasswordService (Apache Shiro 1.9.1 API)";
}
}
catch(err) {
}
//-->
var data = {"i0":6,"i1":6};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],4:["t3","Abstract Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
var pathtoroot = "../../../../../";
var useModuleDirectories = true;
loadScripts(document, 'script');</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ======== START OF CLASS DATA ======== -->
<main role="main">
<div class="header">
<div class="subTitle"><span class="packageLabelInType">Package</span>&nbsp;<a href="package-summary.html">org.apache.shiro.authc.credential</a></div>
<h2 title="Interface PasswordService" class="title">Interface PasswordService</h2>
</div>
<div class="contentContainer">
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Known Subinterfaces:</dt>
<dd><code><a href="HashingPasswordService.html" title="interface in org.apache.shiro.authc.credential">HashingPasswordService</a></code></dd>
</dl>
<dl>
<dt>All Known Implementing Classes:</dt>
<dd><code><a href="DefaultPasswordService.html" title="class in org.apache.shiro.authc.credential">DefaultPasswordService</a></code></dd>
</dl>
<hr>
<pre>public interface <a href="../../../../../src-html/org/apache/shiro/authc/credential/PasswordService.html#line.72">PasswordService</a></pre>
<div class="block">A <code>PasswordService</code> supports common use cases when using passwords as a credentials mechanism.
<p/>
Most importantly, implementations of this interface are expected to employ best-practices to ensure that
passwords remain as safe as possible in application environments.
<h2>Usage</h2>
A <code>PasswordService</code> is used at two different times during an application's lifecycle:
<ul>
<li>When creating a user account or resetting their password</li>
<li>When a user logs in, when passwords must be compared</li>
</ul>
<h3>Account Creation or Password Reset</h3>
Whenever you create a new user account or reset that account's password, you must translate the end-user submitted
raw/plaintext password value to a string format that is much safer to store. You do that by calling the
<a href="#encryptPassword(java.lang.Object)"><code>encryptPassword(Object)</code></a> method to create the safer value. For
example:
<pre>
String submittedPlaintextPassword = ...
String encryptedValue = passwordService.encryptPassword(submittedPlaintextPassword);
...
userAccount.setPassword(encryptedValue);
userAccount.save(); //create or update to your data store
</pre>
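Be sure to save only this encrypted password in your data store, and never the original/raw submitted password.
Despite the word 'encrypt', the stored value is meant to be checked later with
<a href="#passwordsMatch(java.lang.Object,java.lang.String)"><code>passwordsMatch</code></a>, not decrypted back to the original password:
Shiro's <code>DefaultPasswordService</code> produces a one-way hash rather than reversible ciphertext.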
<h3>Login Password Comparison</h3>
Shiro performs the comparison during login automatically. Along with your <code>PasswordService</code>, you just
have to configure a <a href="PasswordMatcher.html" title="class in org.apache.shiro.authc.credential"><code>PasswordMatcher</code></a> on a realm that has password-based accounts. During a login attempt,
Shiro will use the <code>PasswordMatcher</code> and the <code>PasswordService</code> to automatically compare submitted
passwords.
<p/>
For example, if using Shiro's INI, here is how you might configure the PasswordMatcher and PasswordService:
<pre>
[main]
...
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
# configure the passwordService to use the settings you desire
...
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
...
# Finally, set the matcher on a realm that requires password matching for account authentication:
myRealm = ...
myRealm.credentialsMatcher = $passwordMatcher
</pre></div>
<dl>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>1.2</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="DefaultPasswordService.html" title="class in org.apache.shiro.authc.credential"><code>DefaultPasswordService</code></a>,
<a href="PasswordMatcher.html" title="class in org.apache.shiro.authc.credential"><code>PasswordMatcher</code></a></dd>
</dl>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- ========== METHOD SUMMARY =========== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.summary">
<!-- -->
</a>
<h3>Method Summary</h3>
<table class="memberSummary">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t3" class="tableTab"><span><a href="javascript:show(4);">Abstract Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Method</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#encryptPassword(java.lang.Object)">encryptPassword</a></span>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;plaintextPassword)</code></th>
<td class="colLast">
<div class="block">Converts the specified plaintext password (usually acquired from your application's 'new user' or 'password reset'
workflow) into a formatted string safe for storage.</div>
</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code>boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#passwordsMatch(java.lang.Object,java.lang.String)">passwordsMatch</a></span>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;submittedPlaintext,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;encrypted)</code></th>
<td class="colLast">
<div class="block">Returns <code>true</code> if the <code>submittedPlaintext</code> password matches the existing saved password
(the <code>encrypted</code> argument), <code>false</code> otherwise.</div>
</td>
</tr>
</table>
</li>
</ul>
</section>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ============ METHOD DETAIL ========== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.detail">
<!-- -->
</a>
<h3>Method Detail</h3>
<a id="encryptPassword(java.lang.Object)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>encryptPassword</h4>
<pre class="methodSignature"><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/PasswordService.html#line.115">encryptPassword</a>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;plaintextPassword)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/IllegalArgumentException.html?is-external=true" title="class or interface in java.lang" class="externalLink">IllegalArgumentException</a></pre>
<div class="block">Converts the specified plaintext password (usually acquired from your application's 'new user' or 'password reset'
workflow) into a formatted string safe for storage. The returned string can be safely saved with the
corresponding user account record (e.g. as a 'password' attribute).
<p/>
It is expected that the String returned from this method will be presented to the
<a href="#passwordsMatch(java.lang.Object,java.lang.String)"><code>passwordsMatch(plaintext,encrypted)</code></a> method when performing a
password comparison check.
<h3>Usage</h3>
The input argument type can be any 'byte backed' <code>Object</code> - almost always either a
String or character array representing passwords (character arrays are often a safer way to represent passwords
as they can be cleared/nulled-out after use). Any argument type supported by
<a href="../../util/ByteSource.Util.html#isCompatible(java.lang.Object)"><code>ByteSource.Util.isCompatible(Object)</code></a> is valid.
<p/>
For example:
<pre>
String rawPassword = ...
String encryptedValue = passwordService.encryptPassword(rawPassword);
</pre>
or, identically:
<pre>
char[] rawPasswordChars = ...
String encryptedValue = passwordService.encryptPassword(rawPasswordChars);
</pre>
<p/>
The resulting <code>encryptedValue</code> should be stored with the account to be retrieved later during a
login attempt. For example:
<pre>
String encryptedValue = passwordService.encryptPassword(rawPassword);
...
userAccount.setPassword(encryptedValue);
userAccount.save(); //create or update to your data store
</pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>plaintextPassword</code> - the raw password as 'byte-backed' object (String, character array, <a href="../../util/ByteSource.html" title="interface in org.apache.shiro.util"><code>ByteSource</code></a>,
etc) usually acquired from your application's 'new user' or 'password reset' workflow.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the encrypted password, formatted for storage.</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/IllegalArgumentException.html?is-external=true" title="class or interface in java.lang" class="externalLink">IllegalArgumentException</a></code> - if the argument cannot be easily converted to bytes as defined by
<a href="../../util/ByteSource.Util.html#isCompatible(java.lang.Object)"><code>ByteSource.Util.isCompatible(Object)</code></a>.</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../util/ByteSource.Util.html#isCompatible(java.lang.Object)"><code>ByteSource.Util.isCompatible(Object)</code></a></dd>
</dl>
</li>
</ul>
<a id="passwordsMatch(java.lang.Object,java.lang.String)">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>passwordsMatch</h4>
<pre class="methodSignature">boolean&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/PasswordService.html#line.146">passwordsMatch</a>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;submittedPlaintext,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;encrypted)</pre>
<div class="block">Returns <code>true</code> if the <code>submittedPlaintext</code> password matches the existing saved password
(the <code>encrypted</code> argument), <code>false</code> otherwise.
<h3>Usage</h3>
The <code>submittedPlaintext</code> argument type can be any 'byte backed' <code>Object</code> - almost always either a
String or character array representing passwords (character arrays are often a safer way to represent passwords
as they can be cleared/nulled-out after use). Any argument type supported by
<a href="../../util/ByteSource.Util.html#isCompatible(java.lang.Object)"><code>ByteSource.Util.isCompatible(Object)</code></a> is valid.
<p/>
For example:
<pre>
String submittedPassword = ...
passwordService.passwordsMatch(submittedPassword, encryptedPassword);
</pre>
or similarly:
<pre>
char[] submittedPasswordCharacters = ...
passwordService.passwordsMatch(submittedPasswordCharacters, encryptedPassword);
</pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>submittedPlaintext</code> - a raw/plaintext password submitted by an end user/Subject.</dd>
<dd><code>encrypted</code> - the previously encrypted password known to be associated with an account.
This value is expected to have been previously generated from the
<a href="#encryptPassword(java.lang.Object)"><code>encryptPassword</code></a> method (typically
when the account is created or the account's password is reset).</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd><code>true</code> if the <code>submittedPlaintext</code> password matches the existing saved password
(the <code>encrypted</code> argument), <code>false</code> otherwise.</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../util/ByteSource.Util.html#isCompatible(java.lang.Object)"><code>ByteSource.Util.isCompatible(Object)</code></a></dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
</div>
</main>
<!-- ========= END OF CLASS DATA ========= -->
<footer role="contentinfo">
<p class="legalCopy"><small>Copyright &#169; 2004&#x2013;2022 <a href="https://www.apache.org/">The Apache Software Foundation</a>. All rights reserved.</small></p>
</footer>
</body>
</html>