com.atlassian.security.password
Interface PasswordEncoder

All Known Implementing Classes:
DefaultPasswordEncoder

public interface PasswordEncoder

Encodes passwords for storage in an application and allows verification of raw passwords against the stored versions. The actual encoding mechanism depends on the implementation.

See Also:
for a useful starting point for new implementations

Method Summary
 boolean canDecodePassword(String encodedPassword)
          Returns true if the encodedPassword is in the right format for decoding and verification by this implementation, otherwise false.
 String encodePassword(String rawPassword)
          Encodes a password and returns it as a String suitable for storage by the client.
 boolean isValidPassword(String rawPassword, String encodedPassword)
          Returns true if the rawPassword matches the stored password hash in encodedPassword, otherwise false.
 

Method Detail

encodePassword

String encodePassword(String rawPassword)
                      throws IllegalArgumentException
Encodes a password and returns it as a String suitable for storage by the client.

Implementations must perform a one-way hashing operation on the rawPassword so that the rawPassword cannot practically be derived from the encoded result by an attacker.

It is recommended that implementations include a unique prefix in their encoded form which will allow canDecodePassword(String) to be implemented easily.

Parameters:
rawPassword - the password provided by the user
Returns:
the encoded password
Throws:
IllegalArgumentException - if the rawPassword is null or empty

isValidPassword

boolean isValidPassword(String rawPassword,
                        String encodedPassword)
                        throws IllegalArgumentException
Returns true if the rawPassword matches the stored password hash in encodedPassword, otherwise false. The encodedPassword parameter should be the result of an earlier call to encodePassword(String). If the encoded password is not in a format which is handled by this encoder, this method will return false.

If multiple encodings are supported by an application, the client should call canDecodePassword(String) to check that the password was generated by this encoder before calling this method.

Parameters:
rawPassword - the raw password provided by the user for authentication
encodedPassword - the stored password associated with the user
Returns:
true if the rawPassword is a match for the
Throws:
IllegalArgumentException - if either rawPassword or encodedPassword is null or empty

canDecodePassword

boolean canDecodePassword(String encodedPassword)
Returns true if the encodedPassword is in the right format for decoding and verification by this implementation, otherwise false. For example, implementations might check the length of the encoded password or look for a particular prefix in the encoded string.

Parameters:
encodedPassword - the stored password associated with this user
Returns:
true if the encodedPassword can be decoded by this implementation, otherwise false
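
An added example, not Atlassian's code and not DefaultPasswordEncoder: a hypothetical implementation that follows the contract documented above (one-way hash in encodePassword, a unique prefix checked by canDecodePassword, and false rather than an exception for a foreign format in isValidPassword). The class name, the {EXAMPLE-PBKDF2} prefix, the choice of PBKDF2-HMAC-SHA256, the iteration count and the salt and hash sizes are all assumptions of this example; compiling it requires the library that provides PasswordEncoder on the classpath.

```java
import com.atlassian.security.password.PasswordEncoder;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical encoder: prefix, KDF, iteration count and sizes are assumptions of this example.
class ExamplePbkdf2Encoder implements PasswordEncoder {
    static final String PREFIX = "{EXAMPLE-PBKDF2}";   // unique marker for this encoder's output
    static final int ITERATIONS = 210_000, SALT_LEN = 16, HASH_LEN = 32;

    public String encodePassword(String rawPassword) {
        requireNonEmpty(rawPassword);
        byte[] salt = new byte[SALT_LEN];
        new SecureRandom().nextBytes(salt);             // fresh random salt per password
        byte[] out = Arrays.copyOf(salt, SALT_LEN + HASH_LEN);
        System.arraycopy(hash(rawPassword, salt), 0, out, SALT_LEN, HASH_LEN);
        return PREFIX + Base64.getEncoder().encodeToString(out);   // prefix + base64(salt || hash)
    }

    public boolean isValidPassword(String rawPassword, String encodedPassword) {
        requireNonEmpty(rawPassword, encodedPassword);
        if (!canDecodePassword(encodedPassword)) return false;     // foreign format: false, no exception
        byte[] stored = Base64.getDecoder().decode(encodedPassword.substring(PREFIX.length()));
        byte[] expected = Arrays.copyOfRange(stored, SALT_LEN, stored.length);
        byte[] actual = hash(rawPassword, Arrays.copyOf(stored, SALT_LEN));
        return MessageDigest.isEqual(expected, actual);            // constant-time comparison
    }

    public boolean canDecodePassword(String encodedPassword) {
        if (encodedPassword == null || !encodedPassword.startsWith(PREFIX)) return false;
        try {   // checks prefix, base64 validity and length, so verification never reads short data
            byte[] body = Base64.getDecoder().decode(encodedPassword.substring(PREFIX.length()));
            return body.length == SALT_LEN + HASH_LEN;
        } catch (IllegalArgumentException malformed) { return false; }
    }

    private static byte[] hash(String raw, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(raw.toCharArray(), salt, ITERATIONS, HASH_LEN * 8);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
    private static void requireNonEmpty(String... values) {
        for (String v : values)
            if (v == null || v.isEmpty()) throw new IllegalArgumentException("null or empty argument");
    }
}
```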


Copyright © 2013 Atlassian. All Rights Reserved.