org.opencms.security

Interface I_CmsPasswordHandler

All Superinterfaces:

I_CmsConfigurationParameterHandler

All Known Implementing Classes:

CmsAdvancedPasswordHandler, CmsDefaultPasswordHandler

public interface I_CmsPasswordHandler
extends I_CmsConfigurationParameterHandler

Defines methods for OpenCms password validation.

Since:

6.0.0

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CONVERT_DIGEST_ENCODING Flag for conversion of the password encoding.
static java.lang.String	DIGEST_TYPE_MD5 String to identify the key value for md5 password hashes.
static java.lang.String	DIGEST_TYPE_PLAIN String to identify the key value for unhashed passwords.
static java.lang.String	DIGEST_TYPE_SCRYPT String to identify the key value for SCrypt password hashes.
static java.lang.String	DIGEST_TYPE_SHA String to identify the key value for sha password hashes.
static java.lang.String	DIGEST_TYPE_SSHA String to identify the key value for sha password hashes with 4 byte salt.

Fields inherited from interface org.opencms.configuration.I_CmsConfigurationParameterHandler

ADD_PARAMETER_METHOD, INIT_CONFIGURATION_METHOD

Method Summary

Modifier and Type	Method and Description
boolean	checkPassword(java.lang.String plainPassword, java.lang.String digestedPassword, boolean useFallback) This method checks if the given plain text password is equal to the given digested password.
java.lang.String	digest(java.lang.String password) Creates an OpenCms password digest according to the default setting for method/encodings.
java.lang.String	digest(java.lang.String password, java.lang.String digestType, java.lang.String inputEncoding) Creates an OpenCms password digest.
java.lang.String	getDigestType() Returns the default digest type.
java.lang.String	getInputEncoding() Returns the default password encoding.
void	setDigestType(java.lang.String digestType) Sets the default digest type.
void	setInputEncoding(java.lang.String inputEncoding) Sets the default input encoding.
void	validatePassword(java.lang.String password) This method checks if a new password follows the rules for new passwords, which are defined by a Class configured in the opencms.properties file.

Methods inherited from interface org.opencms.configuration.I_CmsConfigurationParameterHandler

addConfigurationParameter, getConfiguration, initConfiguration

Field Detail

CONVERT_DIGEST_ENCODING

static final java.lang.String CONVERT_DIGEST_ENCODING

Flag for conversion of the password encoding.

See Also:

Constant Field Values

DIGEST_TYPE_MD5

static final java.lang.String DIGEST_TYPE_MD5

String to identify the key value for md5 password hashes.

See Also:

Constant Field Values

DIGEST_TYPE_PLAIN

static final java.lang.String DIGEST_TYPE_PLAIN

String to identify the key value for unhashed passwords.

See Also:

Constant Field Values

DIGEST_TYPE_SHA

static final java.lang.String DIGEST_TYPE_SHA

String to identify the key value for sha password hashes.

See Also:

Constant Field Values

DIGEST_TYPE_SSHA

static final java.lang.String DIGEST_TYPE_SSHA

String to identify the key value for sha password hashes with 4 byte salt.

See Also:

Constant Field Values

DIGEST_TYPE_SCRYPT

static final java.lang.String DIGEST_TYPE_SCRYPT

String to identify the key value for SCrypt password hashes.

See Also:

Constant Field Values

Method Detail

checkPassword

boolean checkPassword(java.lang.String plainPassword,
                      java.lang.String digestedPassword,
                      boolean useFallback)

This method checks if the given plain text password is equal to the given digested password.

Use this to check salted passwords. If the password is salted, it needs to be checked with the salt (and possible other parameters) stored in the digested password. Just digesting the password again and comparing the result to a previous digest won't work because the salt will usually be different.

Parameters:

plainPassword - the plain text password to check

digestedPassword - the digested password to compare with the plain password

useFallback - if true, then use a fall back hashing algorithm in case first validation fails

Returns:

false if the validation of the password failed

digest

java.lang.String digest(java.lang.String password)
                 throws CmsPasswordEncryptionException

Creates an OpenCms password digest according to the default setting for method/encodings.

Parameters:

password - the password to encrypt

Returns:

the password digest

Throws:

CmsPasswordEncryptionException - if something goes wrong

digest

java.lang.String digest(java.lang.String password,
                        java.lang.String digestType,
                        java.lang.String inputEncoding)
                 throws CmsPasswordEncryptionException

Creates an OpenCms password digest.

Parameters:

password - the password to encrypt

digestType - the algorithm used for encryption (i.e. MD5, SHA ...)

inputEncoding - the encoding used when converting the password to bytes (i.e. UTF-8)

Returns:

the password digest

Throws:

CmsPasswordEncryptionException - if something goes wrong

getDigestType

java.lang.String getDigestType()

Returns the default digest type.

Returns:

the default digest type

getInputEncoding

java.lang.String getInputEncoding()

Returns the default password encoding.

Returns:

the default password encoding

setDigestType

void setDigestType(java.lang.String digestType)

Sets the default digest type.

Parameters:

digestType - the digest type used

setInputEncoding

void setInputEncoding(java.lang.String inputEncoding)

Sets the default input encoding.

Parameters:

inputEncoding - the encoding used for translation the password string to bytes

validatePassword

void validatePassword(java.lang.String password)
               throws CmsSecurityException

This method checks if a new password follows the rules for new passwords, which are defined by a Class configured in the opencms.properties file.

If this method throws no exception the password is valid.

Parameters:

password - the password to check

Throws:

CmsSecurityException - if validation of the password failed