Class AbstractPasswordEncoder

java.lang.Object
org.springframework.security.crypto.password.AbstractPasswordEncoder
All Implemented Interfaces:
PasswordEncoder

public abstract class AbstractPasswordEncoder extends Object implements PasswordEncoder
Abstract base class for password encoders.
  • Constructor Details

    • AbstractPasswordEncoder

      protected AbstractPasswordEncoder()
  • Method Details

    • encode

      public String encode(CharSequence rawPassword)
      Description copied from interface: PasswordEncoder
      Encode the raw password. Generally, a good encoding algorithm applies a SHA-1 or greater hash combined with an 8-byte or greater randomly generated salt.
      Specified by:
      encode in interface PasswordEncoder
    • matches

      public boolean matches(CharSequence rawPassword, String encodedPassword)
      Description copied from interface: PasswordEncoder
      Verify that the encoded password obtained from storage matches the submitted raw password after it too is encoded. Returns true if the passwords match, false if they do not. The stored password itself is never decoded.
      Specified by:
      matches in interface PasswordEncoder
      Parameters:
      rawPassword - the raw password to encode and match
      encodedPassword - the encoded password from storage to compare with
      Returns:
      true if the raw password, after encoding, matches the encoded password from storage
    • encode

      protected abstract byte[] encode(CharSequence rawPassword, byte[] salt)
    • encodeAndConcatenate

      protected byte[] encodeAndConcatenate(CharSequence rawPassword, byte[] salt)
    • matches

      protected static boolean matches(byte[] expected, byte[] actual)
      Constant-time comparison to protect against timing attacks.
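
The method set above (a salted `encode`, an `encodeAndConcatenate` step, and a constant-time `matches`) can be illustrated with the JDK alone. This is an added example, not Spring Security's own code: the class name, PBKDF2 as the hash, the salt length, the iteration count and the hex `salt || hash` storage layout are all assumptions. It needs Java 17 or later for `HexFormat`.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HexFormat;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical sketch; every name and constant here is an assumption.
public class SaltedEncoderSketch {
    private static final int SALT_LEN = 16;        // bytes, assumed
    private static final int ITERATIONS = 310_000; // assumed work factor
    private static final int HASH_BITS = 256;      // assumed output size
    private final SecureRandom random = new SecureRandom();

    // Fresh random salt per password; stored form is hex(salt || hash).
    public String encode(CharSequence rawPassword) {
        byte[] salt = new byte[SALT_LEN];
        random.nextBytes(salt);
        return HexFormat.of().formatHex(encodeAndConcatenate(rawPassword, salt));
    }

    // Re-encode the submitted password with the stored salt, then compare.
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        byte[] stored;
        try { stored = HexFormat.of().parseHex(encodedPassword); }
        catch (IllegalArgumentException e) { return false; } // not valid hex
        if (stored.length <= SALT_LEN) return false;          // no hash part
        byte[] salt = Arrays.copyOfRange(stored, 0, SALT_LEN);
        // MessageDigest.isEqual does not stop at the first differing byte.
        return MessageDigest.isEqual(stored, encodeAndConcatenate(rawPassword, salt));
    }

    private byte[] encodeAndConcatenate(CharSequence rawPassword, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(
                rawPassword.toString().toCharArray(), salt, ITERATIONS, HASH_BITS);
            byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
            byte[] out = Arrays.copyOf(salt, salt.length + hash.length);
            System.arraycopy(hash, 0, out, salt.length, hash.length);
            return out;
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        SaltedEncoderSketch enc = new SaltedEncoderSketch();
        String stored = enc.encode("correct horse battery"); // constructed sample
        System.out.println(enc.matches("correct horse battery", stored));
        System.out.println(enc.matches("wrong guess", stored));
    }
}
```

Comparing with `Arrays.equals` or `String.equals` instead would return at the first mismatching byte, which is the timing difference the constant-time `matches` is there to remove.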