SEC-1205: Added comment to Javadoc for PasswordComparisonAuthenticator to indicate that it won't work with SSHA passwords

This commit is contained in:
Luke Taylor 2009-07-22 16:11:24 +00:00
parent 931cf90dbb
commit 719a5e09d8
1 changed files with 2 additions and 0 deletions

View File

@ -38,6 +38,8 @@ import org.springframework.util.Assert;
* <p> * <p>
* If passwords are stored in digest form in the repository, then a suitable {@link PasswordEncoder} * If passwords are stored in digest form in the repository, then a suitable {@link PasswordEncoder}
* implementation must be supplied. By default, passwords are encoded using the {@link LdapShaPasswordEncoder}. * implementation must be supplied. By default, passwords are encoded using the {@link LdapShaPasswordEncoder}.
* Note that compare operations will not work if salted-SHA (SSHA) passwords are used, as it is not possible to
* know the salt value which is a random byte sequence generated by the directory.
* *
* @author Luke Taylor * @author Luke Taylor
* @version $Id$ * @version $Id$