public final class PBEPasswordEncoder extends Object implements org.springframework.security.crypto.password.PasswordEncoder
This class implements the Spring Security 4.x org.springframework.security.crypto.password.PasswordEncoder interface, allowing Spring Security-enabled applications to use JASYPT for password encryption.
Important: This class allows bi-directional password-based encryption of user passwords in Spring Security using Jasypt. But please note that passwords should not be encrypted in a bi-directional way, but instead as uni-directional digests (hashes). Encrypting passwords in a way they can be decrypted can be a severe security issue, and should only be considered in legacy or complex inter-application integration scenarios.
Objects of this class will internally hold either an object of type org.jasypt.util.text.TextEncryptor or an object of type org.jasypt.encryption.pbe.PBEStringEncryptor (only one of them), which should be set after creation by calling setTextEncryptor(TextEncryptor) or setPbeStringEncryptor(PBEStringEncryptor) respectively. If neither a TextEncryptor nor a PBEStringEncryptor is set, a new org.jasypt.util.text.BasicTextEncryptor object is created and internally used.
Usage with a TextEncryptor
This class can be used like this from your Spring XML resource files:
    ...
    <!-- Your application may use the TextEncryptor in several places, -->
    <!-- like for example at new user sign-up.                         -->
    <bean id="jasyptTextEncryptor" class="org.jasypt.util.text.StrongTextEncryptor" >
      <property name="password" value="myPassword" />
    </bean>
    ...
    ...
    <!-- This Spring Security-friendly PasswordEncoder implementation will -->
    <!-- wrap the TextEncryptor instance so that it can be used from       -->
    <!-- the security framework.                                           -->
    <bean id="passwordEncoder" class="org.jasypt.springsecurity4.crypto.password.PBEPasswordEncoder">
      <property name="textEncryptor">
        <ref bean="jasyptTextEncryptor" />
      </property>
    </bean>
    ...
    ...
    <!-- Your DaoAuthenticationProvider will then use it like with any  -->
    <!-- other implementation of the PasswordEncoder interface.         -->
    <bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
      <property name="userDetailsService" ref="userDetailsService"/>
      <property name="passwordEncoder">
        <ref bean="passwordEncoder" />
      </property>
    </bean>
    ...
Usage with a PBEStringEncryptor
This class can be used like this from your Spring XML resource files:
    ...
    <!-- Your application may use the PBEStringEncryptor in several places, -->
    <!-- like for example at new user sign-up.                              -->
    <bean id="jasyptPBEStringEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor" >
      <property name="algorithm" value="PBEWithMD5AndTripleDES" />
      <property name="password" value="myPassword" />
    </bean>
    ...
    ...
    <!-- This Spring Security-friendly PasswordEncoder implementation will -->
    <!-- wrap the PBEStringEncryptor instance so that it can be used from  -->
    <!-- the security framework.                                           -->
    <bean id="passwordEncoder" class="org.jasypt.springsecurity4.crypto.password.PBEPasswordEncoder">
      <property name="pbeStringEncryptor">
        <ref bean="jasyptPBEStringEncryptor" />
      </property>
    </bean>
    ...
    ...
    <!-- Your DaoAuthenticationProvider will then use it like with any  -->
    <!-- other implementation of the PasswordEncoder interface.         -->
    <bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
      <property name="userDetailsService" ref="userDetailsService"/>
      <property name="passwordEncoder">
        <ref bean="passwordEncoder" />
      </property>
    </bean>
    ...
This class is thread-safe.
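The "Important" note above, shown as an added example (not Jasypt's own code): a value stored by PBEPasswordEncoder can be turned back into the original password by anything holding the encryptor key, while a one-way encoder behind the same PasswordEncoder interface offers no such operation. The class name, the sample password and the use of Spring Security's BCryptPasswordEncoder as the one-way contrast are assumptions; jasypt, jasypt-springsecurity4 and spring-security-crypto are assumed to be on the classpath.

```java
import org.jasypt.springsecurity4.crypto.password.PBEPasswordEncoder;
import org.jasypt.util.text.BasicTextEncryptor;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class ReversibleEncodingDemo { // hypothetical class name

    public static void main(String[] args) {
        // Same wiring as the TextEncryptor XML above, done in code.
        // "myPassword" is the placeholder key from that XML; a real key
        // belongs in a secret store, not in source or bean definitions.
        BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
        textEncryptor.setPassword("myPassword");

        PBEPasswordEncoder pbeEncoder = new PBEPasswordEncoder();
        pbeEncoder.setTextEncryptor(textEncryptor);

        String raw = "constructed-sample-password"; // constructed sample value
        String stored = pbeEncoder.encode(raw);      // what would land in the user table

        // Login path, as DaoAuthenticationProvider would call it.
        System.out.println("PBE matches(correct): " + pbeEncoder.matches(raw, stored));
        System.out.println("PBE matches(wrong):   " + pbeEncoder.matches("guess", stored));

        // The reason for the warning: the stored value is ciphertext, not a
        // digest. Whoever holds the encryptor key can get the password back.
        String recovered = textEncryptor.decrypt(stored);
        System.out.println("PBE recovered equals raw: " + recovered.equals(raw));

        // One-way alternative behind the same PasswordEncoder interface, so it
        // can replace the "passwordEncoder" bean. It exposes encode() and
        // matches() only; there is no key and no decrypt operation.
        PasswordEncoder oneWay = new BCryptPasswordEncoder();
        String digest = oneWay.encode(raw);
        System.out.println("bcrypt matches(correct): " + oneWay.matches(raw, digest));
        System.out.println("bcrypt matches(wrong):   " + oneWay.matches("guess", digest));
    }
}
```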
| Constructor and Description |
|---|
| PBEPasswordEncoder() Creates a new instance of PBEPasswordEncoder |

| Modifier and Type | Method and Description |
|---|---|
| String | encode(CharSequence rawPassword) Encodes a password. |
| boolean | matches(CharSequence rawPassword, String encodedPassword) Checks a password's validity. |
| void | setPbeStringEncryptor(org.jasypt.encryption.pbe.PBEStringEncryptor pbeStringEncryptor) Sets a PBE string encryptor to be used. |
| void | setTextEncryptor(org.jasypt.util.text.TextEncryptor textEncryptor) Sets a text encryptor to be used. |
public PBEPasswordEncoder()

public void setTextEncryptor(org.jasypt.util.text.TextEncryptor textEncryptor)
Parameters: textEncryptor - the text encryptor instance to be used.

public void setPbeStringEncryptor(org.jasypt.encryption.pbe.PBEStringEncryptor pbeStringEncryptor)
Parameters: pbeStringEncryptor - the PBE string encryptor instance to be used.

public String encode(CharSequence rawPassword)
Specified by: encode in interface org.springframework.security.crypto.password.PasswordEncoder
Parameters: rawPassword - The password to be encoded.

public boolean matches(CharSequence rawPassword, String encodedPassword)
Specified by: matches in interface org.springframework.security.crypto.password.PasswordEncoder
Parameters:
encodedPassword - The encrypted password against which to check.
rawPassword - The password to be checked.

Copyright © 2019 The JASYPT team. All rights reserved.