Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.jasypt.spring.security3
Class PBEPasswordEncoder

Object
  extended by org.jasypt.spring.security3.PBEPasswordEncoder
All Implemented Interfaces:
org.springframework.security.authentication.encoding.PasswordEncoder
public final class PBEPasswordEncoder
extends Object
implements org.springframework.security.authentication.encoding.PasswordEncoder

This class implements the Spring Security 3.x org.springframework.security.providers.encoding.PasswordEncoder interface, allowing Spring Security-enabled applications to use JASYPT for password encryption.

Important: This class allows bi-directional password-based encryption of user passwords in Spring Security using Jasypt. But please note that passwords should not be encrypted in a bi-directional way, but instead as uni-directional digests (hashes). Encrypting passwords in a way they can be decrypted can be a severe security issue, and should only be considered in legacy or complex inter-application integration scenarios.

Objects of this class will internally hold either an object of type org.jasypt.util.text.TextEncryptor or an object of type org.jasypt.encryption.pbe.PBEStringEncryptor (only one of them), which should be set by respectively calling setTextEncryptor(TextEncryptor) or setPbeStringEncryptor(PBEStringEncryptor) after creation. If neither a TextEncryptor nor a PBEStringEncryptor are set, a new org.jasypt.util.text.BasicTextEncryptor object is created and internally used.

Important: This implementation ignores any salt provided through the interface methods, as the internal Jasypt TextEncryptor or PBEStringEncryptor objects normally use a random one. This means that salt can be safely passed as null.

Usage with a TextEncryptor

This class can be used like this from your Spring XML resource files: 

  ...
  <!-- Your application may use the TextEncryptor in several places,     --> 
  <!-- like for example at new user sign-up.                             --> 
  <bean id="jasyptTextEncryptor" class="org.jasypt.util.text.StrongTextEncryptor" >
    <property name="password" value="myPassword" />
  </bean>
  ...
  ...
  <!-- This Spring Security-friendly PasswordEncoder implementation will -->
  <!-- wrap the TextEncryptor instance so that it can be used from       -->
  <!-- the security framework.                                           -->
  <bean id="passwordEncoder" class="org.jasypt.spring.security2.PBEPasswordEncoder">
    <property name="textEncryptor">
      <ref bean="jasyptTextEncryptor" />
    </property>
  </bean>
  ...
  ...
  <!-- Your DaoAuthenticationProvider will then use it like with any     -->
  <!-- other implementation of the PasswordEncoder interface.            -->
  <bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
      <property name="userDetailsService" ref="userDetailsService"/>
      <property name="passwordEncoder">
        <ref bean="passwordEncoder" />
      </property>
  </bean>
  ...

Usage with a PBEStringEncryptor

This class can be used like this from your Spring XML resource files: 

  ...
  <!-- Your application may use the PBEStringEncryptor in several places,--> 
  <!-- like for example at new user sign-up.                             --> 
  <bean id="jasyptPBEStringEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor" >
    <property name="algorithm" value="PBEWithMD5AndTripleDES" />
    <property name="password" value="myPassword" />
  </bean>
  ...
  ...
  <!-- This Spring Security-friendly PasswordEncoder implementation will -->
  <!-- wrap the PBEStringEncryptor instance so that it can be used from  -->
  <!-- the security framework.                                           -->
  <bean id="passwordEncoder" class="org.jasypt.spring.security2.PBEPasswordEncoder">
    <property name="pbeStringEncryptor">
      <ref bean="jasyptPBEStringEncryptor" />
    </property>
  </bean>
  ...
  ...
  <!-- Your DaoAuthenticationProvider will then use it like with any     -->
  <!-- other implementation of the PasswordEncoder interface.            -->
  <bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
      <property name="userDetailsService" ref="userDetailsService"/>
      <property name="passwordEncoder">
        <ref bean="passwordEncoder" />
      </property>
  </bean>
  ...

This class is thread-safe

Since:
1.6
Author:
Daniel Fernández

Constructor Summary
PBEPasswordEncoder()
          Creates a new instance of PBEPasswordEncoder
 
Method Summary
 String encodePassword(String rawPass, Object salt)
          Encodes a password.
 boolean isPasswordValid(String encPass, String rawPass, Object salt)
          Checks a password's validity.
 void setPbeStringEncryptor(PBEStringEncryptor pbeStringEncryptor)
          Sets a string digester to be used.
 void setTextEncryptor(TextEncryptor textEncryptor)
          Sets a text encryptor to be used.
 
Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PBEPasswordEncoder

public PBEPasswordEncoder()
Creates a new instance of PBEPasswordEncoder

Method Detail

setTextEncryptor

public void setTextEncryptor(TextEncryptor textEncryptor)
Sets a text encryptor to be used. Only one of setTextEncryptor or setPBEStringEncryptor should be called. If both are, the last call will define which method will be used.

Parameters:
textEncryptor - the text encryptor instance to be used.

setPbeStringEncryptor

public void setPbeStringEncryptor(PBEStringEncryptor pbeStringEncryptor)
Sets a string digester to be used. Only one of setTextEncryptor or setPBEStringEncryptor should be called. If both are, the last call will define which method will be used.

Parameters:
pbeStringEncryptor - the PBE string encryptor instance to be used.

encodePassword

public String encodePassword(String rawPass,
                             Object salt)
Encodes a password. This implementation completely ignores salt, as jasypt's TextEncryptor and PBEStringEncryptor normally use a random one. Thus, it can be safely passed as null.

Specified by:
encodePassword in interface org.springframework.security.authentication.encoding.PasswordEncoder
Parameters:
rawPass - The password to be encoded.
salt - The salt, which will be ignored. It can be null.

isPasswordValid

public boolean isPasswordValid(String encPass,
                               String rawPass,
                               Object salt)
Checks a password's validity. This implementation completely ignores salt, as jasypt's TextEncryptor and PBEStringEncryptor normally use a random one. Thus, it can be safely passed as null.

Specified by:
isPasswordValid in interface org.springframework.security.authentication.encoding.PasswordEncoder
Parameters:
encPass - The encrypted password against which to check.
rawPass - The password to be checked.
salt - The salt, which will be ignored. It can be null.
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2011 The JASYPT team. All Rights Reserved.