Package com.atlassian.crowd.password.encoder

Interface PasswordEncoder

All Known Subinterfaces:
InternalPasswordEncoder, LdapPasswordEncoder, UpgradeablePasswordEncoder
All Known Implementing Classes:
Argon2PasswordEncoder, AtlassianSecurityPasswordEncoder, AtlassianSHA1PasswordEncoder, BCryptPasswordEncoder, DESPasswordEncoder, LdapMd5PasswordEncoder, LdapShaPasswordEncoder, LdapSshaPasswordEncoder, PlaintextPasswordEncoder
public interface PasswordEncoder

Defines the operations and requirements for a class that needs to handle password operations in Crowd

Some of the below documentation is taken from Spring Security

  • Method Summary

    Modifier and Type
    Method
    Description
    String
    encodePassword(String rawPass, Object salt)
    Encodes the specified raw password with an implementation specific algorithm.
    String
    getKey()
    The key to define this password encoder
    boolean
    isPasswordValid(String encPass, String rawPass, Object salt)
    Validates a specified "raw" password against an encoded password.

  • Method Details

    • encodePassword

      String encodePassword(String rawPass, Object salt) throws PasswordEncoderException

      Encodes the specified raw password with an implementation specific algorithm.

      This will generally be a one-way message digest such as MD5 or SHA, but may also be a plaintext variant which does no encoding at all, but rather returns the same password it was fed. The latter is useful to plug in when the original password must be stored as-is.

      The specified salt will potentially be used by the implementation to "salt" the initial value before encoding. A salt is usually a user-specific value which is added to the password before the digest is computed. This means that computation of digests for common dictionary words will be different than those in the backend store, because the dictionary word digests will not reflect the addition of the salt. If a per-user salt is used (rather than a system-wide salt), it also means users with the same password will have different digest encoded passwords in the backend store.

      If a salt value is provided, the same salt value must be use when calling the isPasswordValid(String, String, Object) method. Note that a specific implementation may choose to ignore the salt value (via null), or provide its own.

      Parameters:
      rawPass - the password to encode
      salt - optionally used by the implementation to "salt" the raw password before encoding. A null value is legal.
      Returns:
      encoded password
      Throws:
      PasswordEncoderException - if there were any issues trying to encode a password

    • isPasswordValid

      boolean isPasswordValid(String encPass, String rawPass, Object salt)

      Validates a specified "raw" password against an encoded password.

      The encoded password should have previously been generated by encodePassword(String, Object). This method will encode the rawPass (using the optional salt), and then compared it with the presented encPass.

      For a discussion of salts, please refer to encodePassword(String, Object).

      Parameters:
      encPass - a pre-encoded password
      rawPass - a raw password to encode and compare against the pre-encoded password
      salt - optionally used by the implementation to "salt" the raw password before encoding. A null value is legal.
      Returns:
      true if the password is valid , false otherwise

    • getKey

      String getKey()
      The key to define this password encoder