public interface PasswordEncryptor
SQLPasswordAuthenticationProvider
.
The goal is to enable using different password encryption algorithms with
the built-in authentication provider.
In OACC v2.0.0-rc.7 and prior, the built-in authentication provider always used
Jasypt internally and did not allow other options. Now there are factory methods
in SQLAccessControlContextFactory to specify the PasswordEncryptor to be used in
the built-in authentication provider.
The following password encryptor implementations are provided:
- JasyptPasswordEncryptor - hashes passwords using a Jasypt digester and provides
  the following static factory method(s) for different configuration options:
  Compatibility notes: LegacyJasyptPasswordEncryptor
  used in OACC v2.0.0-rc.7 or before.
- BCryptPasswordEncryptor - hashes passwords using an OpenBSD BCrypt implementation
  and provides the following static factory method(s) for different configuration options:
- TransitioningPasswordEncryptor - provides a means to transition from
  an existing encryption scheme to a new one in an environment where OACC was
  already deployed, i.e. where existing passwords in the tables were encrypted
  with a different or older password encryptor. The transition can be configured
  with the following static factory method:
Modifier and Type | Method and Description |
---|---|
boolean | checkPassword(char[] plainPassword, String encryptedPassword) Checks an unencrypted password against an encrypted one to see if they match. |
String | encryptPassword(char[] password) Encrypts a password. |
String encryptPassword(char[] password)
password - the plaintext password as a cleanable char[]

boolean checkPassword(char[] plainPassword, String encryptedPassword)
plainPassword - the plaintext password as a cleanable char[]
encryptedPassword - the (BASE-64) digest from an earlier encryption against which to check the plaintext password
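A custom encryptor only has to satisfy the two-method contract above. The following is an added example, not code from OACC or its documentation: a PBKDF2-based implementation built on the JDK alone. The class name, the `pbkdf2:` stored format and the parameters are assumptions, and the interface is redeclared locally so the file compiles on its own.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
interface PasswordEncryptor { // local copy of the interface documented above, so this compiles without OACC
    String encryptPassword(char[] password);
    boolean checkPassword(char[] plainPassword, String encryptedPassword);
}
// Hypothetical implementation. Stored form: pbkdf2:<iterations>:<Base64 salt>:<Base64 hash>
public class Pbkdf2PasswordEncryptor implements PasswordEncryptor {
    private static final int ITERATIONS = 600_000, SALT_BYTES = 16, KEY_BITS = 256; // assumed parameters
    public String encryptPassword(char[] password) {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt); // fresh random salt for every password
        return "pbkdf2:" + ITERATIONS + ":" + Base64.getEncoder().encodeToString(salt) + ":"
                + Base64.getEncoder().encodeToString(derive(password, salt, ITERATIONS));
    }

    public boolean checkPassword(char[] plainPassword, String encryptedPassword) {
        String[] p = encryptedPassword == null ? new String[0] : encryptedPassword.split(":");
        if (p.length != 4 || !p[0].equals("pbkdf2")) return false; // not this encryptor's format
        try {
            byte[] actual = derive(plainPassword, Base64.getDecoder().decode(p[2]), Integer.parseInt(p[1]));
            return MessageDigest.isEqual(Base64.getDecoder().decode(p[3]), actual); // constant-time compare
        } catch (IllegalArgumentException e) { return false; } // malformed Base64, salt or iteration count
    }

    private static byte[] derive(char[] password, byte[] salt, int iterations) {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("PBKDF2 unavailable", e);
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    public static void main(String[] args) {
        PasswordEncryptor enc = new Pbkdf2PasswordEncryptor();
        char[] pw = "constructed-sample-pw".toCharArray(); // constructed sample input
        String stored = enc.encryptPassword(pw);
        System.out.println(enc.checkPassword(pw, stored) + " " + enc.checkPassword("wrong".toCharArray(), stored));
        Arrays.fill(pw, '\0'); // caller wipes the cleanable char[] after use
    }
}
```

Because the iteration count and salt travel inside the stored string, the work factor can be raised later without invalidating existing entries.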
OACC is a Java Application Security Framework developed by Acciente, LLC., released under Apache License 2.0.
Copyright 2009-2018, Acciente, LLC.