public class Pbkdf2PasswordEncoder extends java.lang.Object implements PasswordEncoder
PasswordEncoder implementation that uses PBKDF2 with a configurable number of
iterations and a random 8-byte random salt value.
The width of the output hash can also be configured.
The algorithm is invoked on the concatenated bytes of the salt, secret and password.
| Modifier and Type | Class and Description |
|---|---|
static class |
Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm
The Algorithm used for creating the
SecretKeyFactory |
| Constructor and Description |
|---|
Pbkdf2PasswordEncoder()
Constructs a PBKDF2 password encoder with no additional secret value.
|
Pbkdf2PasswordEncoder(java.lang.CharSequence secret)
Constructs a standard password encoder with a secret value which is also included
in the password hash.
|
Pbkdf2PasswordEncoder(java.lang.CharSequence secret,
int iterations,
int hashWidth)
Constructs a standard password encoder with a secret value as well as iterations
and hash.
|
| Modifier and Type | Method and Description |
|---|---|
java.lang.String |
encode(java.lang.CharSequence rawPassword)
Encode the raw password.
|
boolean |
matches(java.lang.CharSequence rawPassword,
java.lang.String encodedPassword)
Verify the encoded password obtained from storage matches the submitted raw
password after it too is encoded.
|
void |
setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm secretKeyFactoryAlgorithm)
Sets the algorithm to use.
|
void |
setEncodeHashAsBase64(boolean encodeHashAsBase64)
Sets if the resulting hash should be encoded as Base64.
|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitupgradeEncodingpublic Pbkdf2PasswordEncoder()
public Pbkdf2PasswordEncoder(java.lang.CharSequence secret)
secret - the secret key used in the encoding process (should not be shared)public Pbkdf2PasswordEncoder(java.lang.CharSequence secret,
int iterations,
int hashWidth)
secret - the secretiterations - the number of iterations. Users should aim for taking about .5
seconds on their own system.hashWidth - the size of the hashpublic void setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm secretKeyFactoryAlgorithm)
secretKeyFactoryAlgorithm - the algorithm to use (i.e.
SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA1,
SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256,
SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA512)public void setEncodeHashAsBase64(boolean encodeHashAsBase64)
encodeHashAsBase64 - true if encode as Base64, false if should use Hex
(default)public java.lang.String encode(java.lang.CharSequence rawPassword)
PasswordEncoderencode in interface PasswordEncoderpublic boolean matches(java.lang.CharSequence rawPassword,
java.lang.String encodedPassword)
PasswordEncodermatches in interface PasswordEncoderrawPassword - the raw password to encode and matchencodedPassword - the encoded password from storage to compare with