public abstract class ConfigurablePasswordProvider extends Object implements PasswordProvider, PasswordUtility, ApplicationContextAware
PasswordProvider
implementations, providing
configuration for default behaviors. There is no need for a subclass to
use this implementation.SecuritySystem
,
Permissions
Modifier and Type | Field and Description |
---|---|
protected OmeroContext |
ctx |
protected String |
hash
Hash implementation to use for encoding passwords to check and changed
passwords.
|
protected boolean |
ignoreUnknown
If true, this implementation should return a null on
checkPassword(String, String, boolean) if the user is unknown,
otherwise a Boolean.FALSE . |
protected PasswordUtil |
legacyUtil
Possibly null
PasswordUtil instance which will be used as a
fallback for password checks if the util instance fails. |
protected org.slf4j.Logger |
log |
protected boolean |
salt
Whether or not salting based on the user ID should be attempted.
|
protected PasswordUtil |
util |
Constructor and Description |
---|
ConfigurablePasswordProvider(PasswordUtil util)
Call
ConfigurablePasswordProvider(PasswordUtil, boolean)
with "ignoreUnknown" equal to false. |
ConfigurablePasswordProvider(PasswordUtil util,
boolean ignoreUnknown)
Call
ConfigurablePasswordProvider(PasswordUtil, boolean, boolean)
with "salt" equal to false. |
ConfigurablePasswordProvider(PasswordUtil util,
boolean ignoreUnknown,
boolean salt) |
Modifier and Type | Method and Description |
---|---|
void |
changePassword(String user,
String password)
Throws by default.
|
Boolean |
checkPassword(String user,
String password,
boolean readOnly)
If this was constructed with the
ignoreUnknown argument set to
true , returns null , since the base class knows no users. |
Boolean |
comparePasswords(Long userId,
String trusted,
String provided)
Compares the password provided by the user (unhashed) against the given
trusted password.
|
protected boolean |
comparePasswords(Long userId,
String trusted,
String provided,
PasswordUtil util) |
Boolean |
comparePasswords(String trusted,
String provided)
Compares the password provided by the user (unhashed) against the given
trusted password.
|
protected String |
encodePassword(Long userId,
String newPassword,
boolean salt,
PasswordUtil util) |
String |
encodePassword(String newPassword)
Encodes the password as it would be encoded for a check by
comparePasswords(String, String) |
String |
encodeSaltedPassword(Long userId,
String newPassword)
Encodes the password as it would be encoded for a check by
comparePasswords(String, String) salting the password
with the given userId if it's provided. |
boolean |
hasPassword(String user)
Always returns false, override with specific logic.
|
protected Boolean |
loginAttempt(String user,
Boolean success) |
void |
setApplicationContext(ApplicationContext ctx) |
void |
setLegacyUtil(PasswordUtil legacy) |
protected final org.slf4j.Logger log
protected final String hash
protected final boolean salt
protected final boolean ignoreUnknown
checkPassword(String, String, boolean)
if the user is unknown,
otherwise a Boolean.FALSE
. Default value: falseprotected final PasswordUtil util
protected PasswordUtil legacyUtil
PasswordUtil
instance which will be used as a
fallback for password checks if the util
instance fails.protected OmeroContext ctx
public ConfigurablePasswordProvider(PasswordUtil util)
ConfigurablePasswordProvider(PasswordUtil, boolean)
with "ignoreUnknown" equal to false.util
- an instance of the password utility classpublic ConfigurablePasswordProvider(PasswordUtil util, boolean ignoreUnknown)
ConfigurablePasswordProvider(PasswordUtil, boolean, boolean)
with "salt" equal to false.util
- an instance of the password utility classignoreUnknown
- if checkPassword(String, String, boolean)
should
return null
rather than Boolean.FALSE
for unknown userspublic ConfigurablePasswordProvider(PasswordUtil util, boolean ignoreUnknown, boolean salt)
public void setApplicationContext(ApplicationContext ctx) throws BeansException
setApplicationContext
in interface ApplicationContextAware
BeansException
public void setLegacyUtil(PasswordUtil legacy)
public boolean hasPassword(String user)
hasPassword
in interface PasswordProvider
public Boolean checkPassword(String user, String password, boolean readOnly)
ignoreUnknown
argument set to
true
, returns null
, since the base class knows no users.
Otherwise, returns Boolean.FALSE
specifying that
authentication should fail.checkPassword
in interface PasswordProvider
public void changePassword(String user, String password) throws PasswordChangeException
changePassword
in interface PasswordProvider
PasswordChangeException
public String encodePassword(String newPassword)
comparePasswords(String, String)
encodePassword
in interface PasswordUtility
public String encodeSaltedPassword(Long userId, String newPassword)
comparePasswords(String, String)
salting the password
with the given userId if it's provided.userId
- a user ID (may be null
)newPassword
- a passwordprotected String encodePassword(Long userId, String newPassword, boolean salt, PasswordUtil util)
public Boolean comparePasswords(String trusted, String provided)
checkPassword(String, String, boolean)
.
For this implementation, if the trusted password is null, return
Boolean.FALSE
. If the trusted password is empty (only
whitespace), return Boolean.TRUE
. Otherwise return the result of
String.equals(Object)
.comparePasswords
in interface PasswordUtility
public Boolean comparePasswords(Long userId, String trusted, String provided)
Boolean.FALSE
. If the trusted password is empty (only
whitespace), return Boolean.TRUE
. Otherwise return the results of
String.equals(Object)
.
If necessary, falls back to using a legacy password utility class if one was set by setLegacyUtil(PasswordUtil)
.userId
- a user IDtrusted
- the user's trusted passwordprovided
- the provided passwordprotected boolean comparePasswords(Long userId, String trusted, String provided, PasswordUtil util)
Version: 5.2.8-ice35-b57
Copyright © 2017 The University of Dundee & Open Microscopy Environment. All Rights Reserved.