| java.lang.Object | |
| ↳ | org.springframework.security.crypto.password.StandardPasswordEncoder |
Class Overview
A standard PasswordEncoder implementation that uses SHA-256 hashing with 1024 iterations and a
random 8-byte random salt value. It uses an additional system-wide secret value to provide additional protection.
The digest algorithm is invoked on the concatenated bytes of the salt, secret and password.
Summary
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Constructs a standard password encoder with no additional secret value.
| |||||||||||
Constructs a standard password encoder with a secret value which is also included in the
password hash.
| |||||||||||
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Encode the raw password.
| |||||||||||
Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded.
| |||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
|
From interface
org.springframework.security.crypto.password.PasswordEncoder
| |||||||||||
Public Constructors
public StandardPasswordEncoder ()
Constructs a standard password encoder with no additional secret value.
public StandardPasswordEncoder (CharSequence secret)
Constructs a standard password encoder with a secret value which is also included in the password hash.
Parameters
| secret | the secret key used in the encoding process (should not be shared) |
|---|
Public Methods
public String encode (CharSequence rawPassword)
Encode the raw password. Generally, a good encoding algorithm applies a SHA-1 or greater hash combined with an 8-byte or greater randomly generated salt.
public boolean matches (CharSequence rawPassword, String encodedPassword)
Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded. Returns true if the passwords match, false if they do not. The stored password itself is never decoded.
Parameters
| rawPassword | the raw password to encode and match |
|---|---|
| encodedPassword | the encoded password from storage to compare with |
Returns
- true if the raw password, after encoding, matches the encoded password from storage