SEC-1205: Added comment to Javadoc for PasswordComparisonAuthenticator to indicate that it won't work with SSHA passwords
This commit is contained in:
parent
931cf90dbb
commit
719a5e09d8
|
@ -38,6 +38,8 @@ import org.springframework.util.Assert;
|
||||||
* <p>
|
* <p>
|
||||||
* If passwords are stored in digest form in the repository, then a suitable {@link PasswordEncoder}
|
* If passwords are stored in digest form in the repository, then a suitable {@link PasswordEncoder}
|
||||||
* implementation must be supplied. By default, passwords are encoded using the {@link LdapShaPasswordEncoder}.
|
* implementation must be supplied. By default, passwords are encoded using the {@link LdapShaPasswordEncoder}.
|
||||||
|
* Note that compare operations will not work if salted-SHA (SSHA) passwords are used, as it is not possible to
|
||||||
|
* know the salt value which is a random byte sequence generated by the directory.
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @version $Id$
|
* @version $Id$
|
||||||
|
|
Loading…
Reference in New Issue