- * Convenience base for Digest password encoders - *
- * - * @author colin sampaleanu - * @version $Id$ - */ -public abstract class BaseDigestPasswordEncoder implements PasswordEncoder { - - //~ Instance fields ======================================================== - private boolean encodeHashAsBase64 = false; - - //~ Methods ================================================================ - - /** - * The encoded password is normally returned as Hex (32 char) version of the - * hash bytes. Setting this property to true will cause the encoded pass to - * be returned as Base64 text, which will consume 24 characters. - */ - public void setEncodeHashAsBase64(boolean encodeHashAsBase64) { - this.encodeHashAsBase64 = encodeHashAsBase64; - } - public boolean getEncodeHashAsBase64() { - return encodeHashAsBase64; - } - -} diff --git a/core/src/main/java/org/acegisecurity/providers/dao/MD5PasswordEncoder.java b/core/src/main/java/org/acegisecurity/providers/dao/MD5PasswordEncoder.java deleted file mode 100644 index c3694bbe94..0000000000 --- a/core/src/main/java/org/acegisecurity/providers/dao/MD5PasswordEncoder.java +++ /dev/null @@ -1,63 +0,0 @@ -/* Copyright 2004 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package net.sf.acegisecurity.providers.dao; - -import org.apache.commons.codec.binary.Base64; -import org.apache.commons.codec.digest.DigestUtils; - - -/** - *- * MD5 implementation of PasswordEncoder. - *
- * - *- * A null password is encoded to the same value as an empty ("") password. - *
- * - * @author colin sampaleanu - * @version $Id$ - */ -public class MD5PasswordEncoder extends BaseDigestPasswordEncoder implements PasswordEncoder { - //~ Methods ================================================================ - - /* (non-Javadoc) - * @see net.sf.acegisecurity.providers.dao.PasswordEncoder#isPasswordValid(java.lang.String, java.lang.String, java.lang.Object) - */ - public boolean isPasswordValid(String encPass, String rawPass, Object saltSource) { - - String pass1 = "" + encPass; - String pass2 = encodeInternal("" + rawPass); - - return pass1.equals(pass2); - } - - /* (non-Javadoc) - * @see net.sf.acegisecurity.providers.dao.PasswordEncoder#encodePassword(java.lang.String, java.lang.Object) - */ - public String encodePassword(String rawPass, Object saltSource) { - return encodeInternal("" + rawPass); - } - - private String encodeInternal(String input) { - - if (!getEncodeHashAsBase64()) - return DigestUtils.md5Hex(input); - - byte[] encoded = Base64.encodeBase64(DigestUtils.md5(input)); - return new String(encoded); - } -} diff --git a/core/src/main/java/org/acegisecurity/providers/dao/PasswordEncoder.java b/core/src/main/java/org/acegisecurity/providers/dao/PasswordEncoder.java deleted file mode 100644 index ba0db95c00..0000000000 --- a/core/src/main/java/org/acegisecurity/providers/dao/PasswordEncoder.java +++ /dev/null @@ -1,38 +0,0 @@ -/* Copyright 2004 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package net.sf.acegisecurity.providers.dao; - -import org.springframework.dao.DataAccessException; - - -/** - *- * Describes authentication operations on a password, so that digest algorithms - * can be abstracted - *
- * - * @author colin sampaleanu - * @version $Id$ - */ -public interface PasswordEncoder { - //~ Methods ================================================================ - - public boolean isPasswordValid(String encPass, String rawPass, - Object saltSource) - throws DataAccessException; - - public String encodePassword(String rawPass, Object saltSource) throws DataAccessException; -} diff --git a/core/src/main/java/org/acegisecurity/providers/dao/PlaintextPasswordEncoder.java b/core/src/main/java/org/acegisecurity/providers/dao/PlaintextPasswordEncoder.java deleted file mode 100644 index 91c15bf87f..0000000000 --- a/core/src/main/java/org/acegisecurity/providers/dao/PlaintextPasswordEncoder.java +++ /dev/null @@ -1,69 +0,0 @@ -/* Copyright 2004 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package net.sf.acegisecurity.providers.dao; - -/** - *- * Plaintext implementation of PasswordEncoder. - *
- * - * @author colin sampaleanu - * @version $Id$ - */ -public class PlaintextPasswordEncoder implements PasswordEncoder { - - //~ Instance fields ======================================================== - private boolean ignorePasswordCase = false; - - //~ Methods ================================================================ - - /** - * Indicates whether the password comparison is case sensitive. Defaults to - *false, meaning an exact case match is required.
- *
- * @param ignorePasswordCase set to true for less stringent
- * comparison
- */
- public void setIgnorePasswordCase(boolean ignorePasswordCase) {
- this.ignorePasswordCase = ignorePasswordCase;
- }
-
- public boolean isIgnorePasswordCase() {
- return ignorePasswordCase;
- }
-
- /* (non-Javadoc)
- * @see net.sf.acegisecurity.providers.dao.PasswordEncoder#isPasswordValid(java.lang.String, java.lang.String, java.lang.Object)
- */
- public boolean isPasswordValid(String encPass, String rawPass, Object saltSource) {
-
- String pass1 = "" + encPass;
- String pass2 = "" + rawPass;
-
- if (!ignorePasswordCase) {
- return pass1.equals(pass2);
- } else {
- return pass1.equalsIgnoreCase(pass2);
- }
- }
-
- /* (non-Javadoc)
- * @see net.sf.acegisecurity.providers.dao.PasswordEncoder#encodePassword(java.lang.String, java.lang.Object)
- */
- public String encodePassword(String rawPass, Object saltSource) {
- return rawPass;
- }
-}
diff --git a/core/src/main/java/org/acegisecurity/providers/dao/SHAPasswordEncoder.java b/core/src/main/java/org/acegisecurity/providers/dao/SHAPasswordEncoder.java
deleted file mode 100644
index 2fd7ad523e..0000000000
--- a/core/src/main/java/org/acegisecurity/providers/dao/SHAPasswordEncoder.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/* Copyright 2004 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package net.sf.acegisecurity.providers.dao;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.codec.digest.DigestUtils;
-
-/**
- * - * SHA implementation of PasswordEncoder. - *
- * - *- * A null password is encoded to the same value as an empty ("") password. - *
- * - * @author colin sampaleanu - * @version $Id$ - */ -public class SHAPasswordEncoder extends BaseDigestPasswordEncoder implements PasswordEncoder { - - /* (non-Javadoc) - * @see net.sf.acegisecurity.providers.dao.PasswordEncoder#isPasswordValid(java.lang.String, java.lang.String, java.lang.Object) - */ - public boolean isPasswordValid(String encPass, String rawPass, Object saltSource) { - - String pass1 = "" + encPass; - String pass2 = encodeInternal("" + rawPass); - - return pass1.equals(pass2); - } - - /* (non-Javadoc) - * @see net.sf.acegisecurity.providers.dao.PasswordEncoder#encodePassword(java.lang.String, java.lang.Object) - */ - public String encodePassword(String rawPass, Object saltSource) { - return encodeInternal("" + rawPass); - } - - private String encodeInternal(String input) { - - if (!getEncodeHashAsBase64()) - return DigestUtils.shaHex(input); - - byte[] encoded = Base64.encodeBase64(DigestUtils.sha(input)); - return new String(encoded); - } -}