01: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
02: *
03: * Licensed under the Apache License, Version 2.0 (the "License");
04: * you may not use this file except in compliance with the License.
05: * You may obtain a copy of the License at
06: *
07: * http://www.apache.org/licenses/LICENSE-2.0
08: *
09: * Unless required by applicable law or agreed to in writing, software
10: * distributed under the License is distributed on an "AS IS" BASIS,
11: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12: * See the License for the specific language governing permissions and
13: * limitations under the License.
14: */
15:
16: package org.acegisecurity.providers.encoding;
17:
18: /**
19: * <p>Plaintext implementation of PasswordEncoder.</p>
20: * <P>As callers may wish to extract the password and salts separately from the encoded password, the salt must
21: * not contain reserved characters (specifically '{' and '}').</p>
22: *
23: * @author colin sampaleanu
24: * @author Ben Alex
25: * @version $Id: PlaintextPasswordEncoder.java 1496 2006-05-23 13:38:33Z benalex $
26: */
27: public class PlaintextPasswordEncoder extends BasePasswordEncoder {
28: //~ Instance fields ================================================================================================
29:
30: private boolean ignorePasswordCase = false;
31:
32: //~ Methods ========================================================================================================
33:
34: public String encodePassword(String rawPass, Object salt) {
35: return mergePasswordAndSalt(rawPass, salt, true);
36: }
37:
38: public boolean isIgnorePasswordCase() {
39: return ignorePasswordCase;
40: }
41:
42: public boolean isPasswordValid(String encPass, String rawPass,
43: Object salt) {
44: String pass1 = encPass + "";
45:
46: // Strict delimiters is false because pass2 never persisted anywhere
47: // and we want to avoid unnecessary exceptions as a result (the
48: // authentication will fail as the encodePassword never allows them)
49: String pass2 = mergePasswordAndSalt(rawPass, salt, false);
50:
51: if (!ignorePasswordCase) {
52: return pass1.equals(pass2);
53: } else {
54: return pass1.equalsIgnoreCase(pass2);
55: }
56: }
57:
58: /**
59: * Demerges the previously {@link #encodePassword(String, Object)}<code>String</code>.<P>The resulting
60: * array is guaranteed to always contain two elements. The first is the password, and the second is the salt.</p>
61: * <P>Throws an exception if <code>null</code> or an empty <code>String</code> is passed to the method.</p>
62: *
63: * @param password from {@link #encodePassword(String, Object)}
64: *
65: * @return an array containing the password and salt
66: */
67: public String[] obtainPasswordAndSalt(String password) {
68: return demergePasswordAndSalt(password);
69: }
70:
71: /**
72: * Indicates whether the password comparison is case sensitive.<P>Defaults to <code>false</code>, meaning
73: * an exact case match is required.</p>
74: *
75: * @param ignorePasswordCase set to <code>true</code> for less stringent comparison
76: */
77: public void setIgnorePasswordCase(boolean ignorePasswordCase) {
78: this.ignorePasswordCase = ignorePasswordCase;
79: }
80: }
|