| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
| <!-- NewPage --> |
| <html lang="en"> |
| <head> |
| <!-- Generated by javadoc --> |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> |
| <title>PasswordService (Apache Shiro 1.13.0 API)</title> |
| <link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="Style"> |
| <script type="text/javascript" src="../../../../../script.js"></script> |
| </head> |
| <body> |
| <script type="text/javascript"><!-- |
| try { |
| if (location.href.indexOf('is-external=true') == -1) { |
| parent.document.title="PasswordService (Apache Shiro 1.13.0 API)"; |
| } |
| } |
| catch(err) { |
| } |
| //--> |
| var methods = {"i0":6,"i1":6}; |
| var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],4:["t3","Abstract Methods"]}; |
| var altColor = "altColor"; |
| var rowColor = "rowColor"; |
| var tableTab = "tableTab"; |
| var activeTableTab = "activeTableTab"; |
| </script> |
| <noscript> |
| <div>JavaScript is disabled on your browser.</div> |
| </noscript> |
| <!-- Matomo --> <script> var _paq = window._paq = window._paq || []; /* tracker methods like "setCustomDimension" should be called before "trackPageView" */ /* We explicitly disable cookie tracking to avoid privacy issues */ _paq.push(['disableCookies']); _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u="//matomo.privacy.apache.org/"; _paq.push(['setTrackerUrl', u+'matomo.php']); _paq.push(['setSiteId', '2']); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s); })(); </script> <!-- End Matomo Code --> |
| <!-- ========= START OF TOP NAVBAR ======= --> |
| <div class="topNav"><a name="navbar.top"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div> |
| <a name="navbar.top.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="class-use/PasswordService.html">Use</a></li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../../org/apache/shiro/authc/credential/PasswordMatcher.html" title="class in org.apache.shiro.authc.credential"><span class="typeNameLink">Prev Class</span></a></li> |
| <li><a href="../../../../../org/apache/shiro/authc/credential/Sha1CredentialsMatcher.html" title="class in org.apache.shiro.authc.credential"><span class="typeNameLink">Next Class</span></a></li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../../index.html?org/apache/shiro/authc/credential/PasswordService.html" target="_top">Frames</a></li> |
| <li><a href="PasswordService.html" target="_top">No Frames</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_top"> |
| <li><a href="../../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_top"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Nested | </li> |
| <li>Field | </li> |
| <li>Constr | </li> |
| <li><a href="#method.summary">Method</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li>Field | </li> |
| <li>Constr | </li> |
| <li><a href="#method.detail">Method</a></li> |
| </ul> |
| </div> |
| <a name="skip.navbar.top"> |
| <!-- --> |
| </a></div> |
| <!-- ========= END OF TOP NAVBAR ========= --> |
| <!-- ======== START OF CLASS DATA ======== --> |
| <div class="header"> |
| <div class="subTitle">org.apache.shiro.authc.credential</div> |
| <h2 title="Interface PasswordService" class="title">Interface PasswordService</h2> |
| </div> |
| <div class="contentContainer"> |
| <div class="description"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <dl> |
| <dt>All Known Subinterfaces:</dt> |
| <dd><a href="../../../../../org/apache/shiro/authc/credential/HashingPasswordService.html" title="interface in org.apache.shiro.authc.credential">HashingPasswordService</a></dd> |
| </dl> |
| <dl> |
| <dt>All Known Implementing Classes:</dt> |
| <dd><a href="../../../../../org/apache/shiro/authc/credential/DefaultPasswordService.html" title="class in org.apache.shiro.authc.credential">DefaultPasswordService</a></dd> |
| </dl> |
| <hr> |
| <br> |
| <pre>public interface <a href="../../../../../src-html/org/apache/shiro/authc/credential/PasswordService.html#line.72">PasswordService</a></pre> |
| <div class="block">A <code>PasswordService</code> supports common use cases when using passwords as a credentials mechanism. |
| <p/> |
| Most importantly, implementations of this interface are expected to employ best-practices to ensure that |
| passwords remain as safe as possible in application environments. |
| <h2>Usage</h2> |
| A <code>PasswordService</code> is used at two different times during an application's lifecycle: |
| <ul> |
| <li>When creating a user account or resetting their password</li> |
| <li>When a user logs in, when passwords must be compared</li> |
| </ul> |
| <h3>Account Creation or Password Reset</h3> |
| Whenever you create a new user account or reset that account's password, we must translate the end-user submitted |
| raw/plaintext password value to a string format that is much safer to store. You do that by calling the |
| <a href="../../../../../org/apache/shiro/authc/credential/PasswordService.html#encryptPassword-java.lang.Object-"><code>encryptPassword(Object)</code></a> method to create the safer value. For |
| example: |
| <pre> |
| String submittedPlaintextPassword = ... |
| String encryptedValue = passwordService.encryptPassword(submittedPlaintextPassword); |
| ... |
| userAccount.setPassword(encryptedValue); |
| userAccount.save(); //create or update to your data store |
| </pre> |
| Be sure to save this encrypted password in your data store and never the original/raw submitted password. |
| <h3>Login Password Comparison</h3> |
| Shiro performs the comparison during login automatically. Along with your <code>PasswordService</code>, you just |
| have to configure a <a href="../../../../../org/apache/shiro/authc/credential/PasswordMatcher.html" title="class in org.apache.shiro.authc.credential"><code>PasswordMatcher</code></a> on a realm that has password-based accounts. During a login attempt, |
| shiro will use the <code>PasswordMatcher</code> and the <code>PasswordService</code> to automatically compare submitted |
| passwords. |
| <p/> |
| For example, if using Shiro's INI, here is how you might configure the PasswordMatcher and PasswordService: |
| <pre> |
| [main] |
| ... |
| passwordService = org.apache.shiro.authc.credential.DefaultPasswordService |
| # configure the passwordService to use the settings you desire |
| ... |
| passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher |
| passwordMatcher.passwordService = $passwordService |
| ... |
| # Finally, set the matcher on a realm that requires password matching for account authentication: |
| myRealm = ... |
| myRealm.credentialsMatcher = $passwordMatcher |
| </pre></div> |
| <dl> |
| <dt><span class="simpleTagLabel">Since:</span></dt> |
| <dd>1.2</dd> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><a href="../../../../../org/apache/shiro/authc/credential/DefaultPasswordService.html" title="class in org.apache.shiro.authc.credential"><code>DefaultPasswordService</code></a>, |
| <a href="../../../../../org/apache/shiro/authc/credential/PasswordMatcher.html" title="class in org.apache.shiro.authc.credential"><code>PasswordMatcher</code></a></dd> |
| </dl> |
| </li> |
| </ul> |
| </div> |
| <div class="summary"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ========== METHOD SUMMARY =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="method.summary"> |
| <!-- --> |
| </a> |
| <h3>Method Summary</h3> |
| <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation"> |
| <caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd"> </span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd"> </span></span><span id="t3" class="tableTab"><span><a href="javascript:show(4);">Abstract Methods</a></span><span class="tabEnd"> </span></span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Modifier and Type</th> |
| <th class="colLast" scope="col">Method and Description</th> |
| </tr> |
| <tr id="i0" class="altColor"> |
| <td class="colFirst"><code><a href="https://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/shiro/authc/credential/PasswordService.html#encryptPassword-java.lang.Object-">encryptPassword</a></span>(<a href="https://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a> plaintextPassword)</code> |
| <div class="block">Converts the specified plaintext password (usually acquired from your application's 'new user' or 'password reset' |
| workflow) into a formatted string safe for storage.</div> |
| </td> |
| </tr> |
| <tr id="i1" class="rowColor"> |
| <td class="colFirst"><code>boolean</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/shiro/authc/credential/PasswordService.html#passwordsMatch-java.lang.Object-java.lang.String-">passwordsMatch</a></span>(<a href="https://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a> submittedPlaintext, |
| <a href="https://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> encrypted)</code> |
| <div class="block">Returns <code>true</code> if the <code>submittedPlaintext</code> password matches the existing <code>saved</code> password, |
| <code>false</code> otherwise.</div> |
| </td> |
| </tr> |
| </table> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| <div class="details"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ============ METHOD DETAIL ========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="method.detail"> |
| <!-- --> |
| </a> |
| <h3>Method Detail</h3> |
| <a name="encryptPassword-java.lang.Object-"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>encryptPassword</h4> |
| <pre><a href="https://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> <a href="../../../../../src-html/org/apache/shiro/authc/credential/PasswordService.html#line.115">encryptPassword</a>(<a href="https://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a> plaintextPassword) |
| throws <a href="https://docs.oracle.com/javase/6/docs/api/java/lang/IllegalArgumentException.html?is-external=true" title="class or interface in java.lang">IllegalArgumentException</a></pre> |
| <div class="block">Converts the specified plaintext password (usually acquired from your application's 'new user' or 'password reset' |
| workflow) into a formatted string safe for storage. The returned string can be safely saved with the |
| corresponding user account record (e.g. as a 'password' attribute). |
| <p/> |
| It is expected that the String returned from this method will be presented to the |
| <a href="../../../../../org/apache/shiro/authc/credential/PasswordService.html#passwordsMatch-java.lang.Object-java.lang.String-"><code>passwordsMatch(plaintext,encrypted)</code></a> method when performing a |
| password comparison check. |
| <h3>Usage</h3> |
| The input argument type can be any 'byte backed' <code>Object</code> - almost always either a |
| String or character array representing passwords (character arrays are often a safer way to represent passwords |
| as they can be cleared/nulled-out after use. Any argument type supported by |
| <code>ByteSource.Util#isCompatible(Object)</code> is valid. |
| <p/> |
| For example: |
| <pre> |
| String rawPassword = ... |
| String encryptedValue = passwordService.encryptPassword(rawPassword); |
| </pre> |
| or, identically: |
| <pre> |
| char[] rawPasswordChars = ... |
| String encryptedValue = passwordService.encryptPassword(rawPasswordChars); |
| </pre> |
| <p/> |
| The resulting <code>encryptedValue</code> should be stored with the account to be retrieved later during a |
| login attempt. For example: |
| <pre> |
| String encryptedValue = passwordService.encryptPassword(rawPassword); |
| ... |
| userAccount.setPassword(encryptedValue); |
| userAccount.save(); //create or update to your data store |
| </pre></div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>plaintextPassword</code> - the raw password as 'byte-backed' object (String, character array, <a href="../../../../../org/apache/shiro/util/ByteSource.html" title="interface in org.apache.shiro.util"><code>ByteSource</code></a>, |
| etc) usually acquired from your application's 'new user' or 'password reset' workflow.</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>the encrypted password, formatted for storage.</dd> |
| <dt><span class="throwsLabel">Throws:</span></dt> |
| <dd><code><a href="https://docs.oracle.com/javase/6/docs/api/java/lang/IllegalArgumentException.html?is-external=true" title="class or interface in java.lang">IllegalArgumentException</a></code> - if the argument cannot be easily converted to bytes as defined by |
| <code>ByteSource.Util#isCompatible(Object)</code>.</dd> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><code>ByteSource.Util#isCompatible(Object)</code></dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="passwordsMatch-java.lang.Object-java.lang.String-"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>passwordsMatch</h4> |
| <pre>boolean <a href="../../../../../src-html/org/apache/shiro/authc/credential/PasswordService.html#line.146">passwordsMatch</a>(<a href="https://docs.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a> submittedPlaintext, |
| <a href="https://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> encrypted)</pre> |
| <div class="block">Returns <code>true</code> if the <code>submittedPlaintext</code> password matches the existing <code>saved</code> password, |
| <code>false</code> otherwise. |
| <h3>Usage</h3> |
| The <code>submittedPlaintext</code> argument type can be any 'byte backed' <code>Object</code> - almost always either a |
| String or character array representing passwords (character arrays are often a safer way to represent passwords |
| as they can be cleared/nulled-out after use. Any argument type supported by |
| <code>ByteSource.Util#isCompatible(Object)</code> is valid. |
| <p/> |
| For example: |
| <pre> |
| String submittedPassword = ... |
| passwordService.passwordsMatch(submittedPassword, encryptedPassword); |
| </pre> |
| or similarly: |
| <pre> |
| char[] submittedPasswordCharacters = ... |
| passwordService.passwordsMatch(submittedPasswordCharacters, encryptedPassword); |
| </pre></div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>submittedPlaintext</code> - a raw/plaintext password submitted by an end user/Subject.</dd> |
| <dd><code>encrypted</code> - the previously encrypted password known to be associated with an account. |
| This value is expected to have been previously generated from the |
| <a href="../../../../../org/apache/shiro/authc/credential/PasswordService.html#encryptPassword-java.lang.Object-"><code>encryptPassword</code></a> method (typically |
| when the account is created or the account's password is reset).</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd><code>true</code> if the <code>submittedPlaintext</code> password matches the existing <code>saved</code> password, |
| <code>false</code> otherwise.</dd> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><code>ByteSource.Util#isCompatible(Object)</code></dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <!-- ========= END OF CLASS DATA ========= --> |
| <!-- ======= START OF BOTTOM NAVBAR ====== --> |
| <div class="bottomNav"><a name="navbar.bottom"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div> |
| <a name="navbar.bottom.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="class-use/PasswordService.html">Use</a></li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../../org/apache/shiro/authc/credential/PasswordMatcher.html" title="class in org.apache.shiro.authc.credential"><span class="typeNameLink">Prev Class</span></a></li> |
| <li><a href="../../../../../org/apache/shiro/authc/credential/Sha1CredentialsMatcher.html" title="class in org.apache.shiro.authc.credential"><span class="typeNameLink">Next Class</span></a></li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../../index.html?org/apache/shiro/authc/credential/PasswordService.html" target="_top">Frames</a></li> |
| <li><a href="PasswordService.html" target="_top">No Frames</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_bottom"> |
| <li><a href="../../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_bottom"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Nested | </li> |
| <li>Field | </li> |
| <li>Constr | </li> |
| <li><a href="#method.summary">Method</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li>Field | </li> |
| <li>Constr | </li> |
| <li><a href="#method.detail">Method</a></li> |
| </ul> |
| </div> |
| <a name="skip.navbar.bottom"> |
| <!-- --> |
| </a></div> |
| <!-- ======== END OF BOTTOM NAVBAR ======= --> |
| <p class="legalCopy"><small>Copyright © 2004–2023 <a href="https://www.apache.org/">The Apache Software Foundation</a>. All rights reserved.</small></p> |
| </body> |
| </html> |