Interface HashingPasswordService

All Superinterfaces:
PasswordService
All Known Implementing Classes:
DefaultPasswordService

public interface HashingPasswordService extends PasswordService
A HashingPasswordService is a PasswordService that performs password encryption and comparisons based on cryptographic Hashes.
Since:
1.2
  • Method Summary

    Modifier and Type | Method | Description
    org.apache.shiro.crypto.hash.Hash | hashPassword(Object plaintext) | Hashes the specified plaintext password using internal hashing configuration settings pertinent to password hashing.
    boolean | passwordsMatch(Object plaintext, org.apache.shiro.crypto.hash.Hash savedPasswordHash) | Returns true if the submitted plaintext password matches the existing savedPasswordHash, false otherwise.

    Methods inherited from interface org.apache.shiro.authc.credential.PasswordService

    encryptPassword, passwordsMatch
  • Method Details

    • hashPassword

      org.apache.shiro.crypto.hash.Hash hashPassword(Object plaintext) throws IllegalArgumentException
      Hashes the specified plaintext password using internal hashing configuration settings pertinent to password hashing.

      Note that this method is only likely to be used in more complex environments that wish to format and/or save the returned Hash object in a custom manner. Most applications will find the encryptPassword method suitable enough for safety and ease-of-use.

      Usage

      The input argument type can be any 'byte backed' Object, almost always either a String or a character array representing the password (character arrays are often a safer way to represent passwords, as they can be cleared/nulled-out after use). Any argument type supported by ByteSource.Util.isCompatible(Object) is valid.

      Regardless of your choice of using Strings or character arrays to represent submitted passwords, you can wrap either as a ByteSource by using ByteSource.Util, for example, when the passwords are captured as Strings:

       ByteSource passwordBytes = ByteSource.Util.bytes(submittedPasswordString);
       Hash hashedPassword = hashingPasswordService.hashPassword(passwordBytes);
       
      or, identically, when captured as a character array:
       ByteSource passwordBytes = ByteSource.Util.bytes(submittedPasswordCharacterArray);
       Hash hashedPassword = hashingPasswordService.hashPassword(passwordBytes);
       
      Parameters:
      plaintext - the raw password as 'byte-backed' object (String, character array, ByteSource, etc.) usually acquired from your application's 'new user' or 'password reset' workflow.
      Returns:
      the hashed password.
      Throws:
      IllegalArgumentException - if the argument cannot be easily converted to bytes as defined by ByteSource.Util.isCompatible(Object).
    • passwordsMatch

      boolean passwordsMatch(Object plaintext, org.apache.shiro.crypto.hash.Hash savedPasswordHash)
      Returns true if the submitted plaintext password matches the existing savedPasswordHash, false otherwise. Note that this method is only likely to be used in more complex environments that save hashes in a custom manner. Most applications will find the passwordsMatch(plaintext,string) method sufficient if encrypting passwords as Strings.

      Usage

      The plaintext argument type can be any 'byte backed' Object, almost always either a String or a character array representing the password (character arrays are often a safer way to represent passwords, as they can be cleared/nulled-out after use). Any argument type supported by ByteSource.Util.isCompatible(Object) is valid.
      Parameters:
      plaintext - a raw/plaintext password submitted by an end user/Subject.
      savedPasswordHash - the previously hashed password known to be associated with an account. This value is expected to have been previously generated from the hashPassword method (typically when the account is created or the account's password is reset).
      Returns:
      true if the plaintext password matches the existing savedPasswordHash, false otherwise.
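
The two methods used together, as an added example that is not part of the Shiro documentation: a char[] password is hashed with the DefaultPasswordService listed above, the array is wiped, and later attempts are checked against the saved Hash. The class name, the register/verify helpers and the sample passwords are constructed for illustration.

```java
import java.util.Arrays;

import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.HashingPasswordService;
import org.apache.shiro.crypto.hash.Hash;

public class HashingPasswordServiceExample {

    // DefaultPasswordService is the implementing class listed on this page.
    private static final HashingPasswordService SERVICE = new DefaultPasswordService();

    /** 'New user' / 'password reset' path: hash, then wipe the caller's char[]. */
    static Hash register(char[] password) {
        try {
            return SERVICE.hashPassword(password);
        } finally {
            Arrays.fill(password, '\0'); // clear the plaintext once it has been hashed
        }
    }

    /** Login path: compare a submitted password with the saved Hash, then wipe it. */
    static boolean verify(char[] attempt, Hash saved) {
        try {
            return SERVICE.passwordsMatch(attempt, saved);
        } finally {
            Arrays.fill(attempt, '\0');
        }
    }

    public static void main(String[] args) {
        // Constructed sample passwords, for illustration only.
        Hash saved = register("correct horse battery staple".toCharArray());

        // Fields a custom storage format would persist alongside the digest.
        System.out.println("algorithm  = " + saved.getAlgorithmName());
        System.out.println("iterations = " + saved.getIterations());
        System.out.println("salt (b64) = " + saved.getSalt().toBase64());
        System.out.println("hash (b64) = " + saved.toBase64());

        System.out.println("right password: " + verify("correct horse battery staple".toCharArray(), saved));
        System.out.println("wrong password: " + verify("Tr0ub4dor&3".toCharArray(), saved));

        try {
            SERVICE.hashPassword(Integer.valueOf(42)); // not a 'byte backed' type
        } catch (IllegalArgumentException e) {
            System.out.println("rejected non-byte-backed argument: " + e.getMessage());
        }
    }
}
```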