Source Code Cross Referenced for DefaultUser.java in  » Web-Mail » james-2.3.1 » org » apache » james » userrepository » Java Source Code / Java DocumentationJava Source Code and Java Documentation

001:        /****************************************************************
002:         * Licensed to the Apache Software Foundation (ASF) under one   *
003:         * or more contributor license agreements.  See the NOTICE file *
004:         * distributed with this work for additional information        *
005:         * regarding copyright ownership.  The ASF licenses this file   *
006:         * to you under the Apache License, Version 2.0 (the            *
007:         * "License"); you may not use this file except in compliance   *
008:         * with the License.  You may obtain a copy of the License at   *
009:         *                                                              *
010:         *   http://www.apache.org/licenses/LICENSE-2.0                 *
011:         *                                                              *
012:         * Unless required by applicable law or agreed to in writing,   *
013:         * software distributed under the License is distributed on an  *
014:         * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY       *
015:         * KIND, either express or implied.  See the License for the    *
016:         * specific language governing permissions and limitations      *
017:         * under the License.                                           *
018:         ****************************************************************/package org.apache.james.userrepository;
019:
020:        import org.apache.james.security.DigestUtil;
021:        import org.apache.james.services.User;
022:
023:        import java.io.Serializable;
024:        import java.security.NoSuchAlgorithmException;
025:
026:        /**
027:         * Implementation of User Interface. Instances of this class do not allow
028:         * the the user name to be reset.
029:         *
030:         *
031:         * @version CVS $Revision: 494012 $
032:         */
033:
034:        public class DefaultUser implements  User, Serializable {
035:
036:            private static final long serialVersionUID = 5178048915868531270L;
037:
038:            private String userName;
039:            private String hashedPassword;
040:            private String algorithm;
041:
042:            /**
043:             * Standard constructor.
044:             *
045:             * @param name the String name of this user
046:             * @param hashAlg the algorithm used to generate the hash of the password
047:             */
048:            public DefaultUser(String name, String hashAlg) {
049:                userName = name;
050:                algorithm = hashAlg;
051:            }
052:
053:            /**
054:             * Constructor for repositories that are construcing user objects from
055:             * separate fields, e.g. databases.
056:             *
057:             * @param name the String name of this user
058:             * @param passwordHash the String hash of this users current password
059:             * @param hashAlg the String algorithm used to generate the hash of the
060:             * password
061:             */
062:            public DefaultUser(String name, String passwordHash, String hashAlg) {
063:                userName = name;
064:                hashedPassword = passwordHash;
065:                algorithm = hashAlg;
066:            }
067:
068:            /**
069:             * Accessor for immutable name
070:             *
071:             * @return the String of this users name
072:             */
073:            public String getUserName() {
074:                return userName;
075:            }
076:
077:            /**
078:             *  Method to verify passwords. 
079:             *
080:             * @param pass the String that is claimed to be the password for this user
081:             * @return true if the hash of pass with the current algorithm matches
082:             * the stored hash.
083:             */
084:            public boolean verifyPassword(String pass) {
085:                try {
086:                    String hashGuess = DigestUtil.digestString(pass, algorithm);
087:                    return hashedPassword.equals(hashGuess);
088:                } catch (NoSuchAlgorithmException nsae) {
089:                    throw new RuntimeException("Security error: " + nsae);
090:                }
091:            }
092:
093:            /**
094:             * Sets new password from String. No checks made on guessability of
095:             * password.
096:             *
097:             * @param newPass the String that is the new password.
098:             * @return true if newPass successfuly hashed
099:             */
100:            public boolean setPassword(String newPass) {
101:                try {
102:                    hashedPassword = DigestUtil
103:                            .digestString(newPass, algorithm);
104:                    return true;
105:                } catch (NoSuchAlgorithmException nsae) {
106:                    throw new RuntimeException("Security error: " + nsae);
107:                }
108:            }
109:
110:            /**
111:             * Method to access hash of password
112:             *
113:             * @return the String of the hashed Password
114:             */
115:            protected String getHashedPassword() {
116:                return hashedPassword;
117:            }
118:
119:            /**
120:             * Method to access the hashing algorithm of the password.
121:             *
122:             * @return the name of the hashing algorithm used for this user's password
123:             */
124:            protected String getHashAlgorithm() {
125:                return algorithm;
126:            }
127:
128:        }