Class StandardPasswordEncoder
java.lang.Object
org.springframework.security.crypto.password.StandardPasswordEncoder
- All Implemented Interfaces: PasswordEncoder
Deprecated. This PasswordEncoder is provided for legacy purposes only and is not considered secure.
A standard PasswordEncoder implementation that uses SHA-256 hashing with 1024 iterations and a random 8-byte salt value. It also uses a system-wide secret value to provide additional protection.
The digest algorithm is invoked on the concatenated bytes of the salt, secret and password.
If you are developing a new system, BCryptPasswordEncoder is a better choice both in terms of security and interoperability with other languages.
Constructor Summary
- StandardPasswordEncoder(): Deprecated. Constructs a standard password encoder with no additional secret value.
- StandardPasswordEncoder(CharSequence secret): Deprecated. Constructs a standard password encoder with a secret value which is also included in the password hash.
Method Summary
- String encode(CharSequence rawPassword): Deprecated. Encode the raw password.
- boolean matches(CharSequence rawPassword, String encodedPassword): Deprecated. Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.security.crypto.password.PasswordEncoder
upgradeEncoding
Constructor Details
StandardPasswordEncoder
public StandardPasswordEncoder()
Deprecated. Constructs a standard password encoder with no additional secret value.
StandardPasswordEncoder
Deprecated. Constructs a standard password encoder with a secret value which is also included in the password hash.
- Parameters:
secret - the secret key used in the encoding process (should not be shared)
Method Details
encode
Deprecated. Description copied from interface: PasswordEncoder
Encode the raw password. Generally, a good encoding algorithm applies a SHA-1 or greater hash combined with an 8-byte or greater randomly generated salt.
- Specified by: encode in interface PasswordEncoder
matches
Deprecated. Description copied from interface: PasswordEncoder
Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded. Returns true if the passwords match, false if they do not. The stored password itself is never decoded.
- Specified by: matches in interface PasswordEncoder
- Parameters:
rawPassword - the raw password to encode and match
encodedPassword - the encoded password from storage to compare with
- Returns:
true if the raw password, after encoding, matches the encoded password from storage
DelegatingPasswordEncoder which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.
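
The upgrade path mentioned above, as an added example that is not part of the Spring Security documentation: a DelegatingPasswordEncoder keeps verifying hashes written by StandardPasswordEncoder and re-encodes them with BCryptPasswordEncoder at the next successful login. The class name LegacyHashUpgrade, the in-memory store and the secret value are constructed for illustration, and the example assumes the existing hashes were stored without an {id} prefix.

```java
import java.util.HashMap;
import java.util.Map;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.StandardPasswordEncoder;

@SuppressWarnings("deprecation") // the legacy encoder is kept only to verify old hashes
public class LegacyHashUpgrade {
    // Constructed stand-in for the user table: username -> stored hash.
    static final Map<String, String> store = new HashMap<>();

    static PasswordEncoder buildEncoder(CharSequence legacySecret) {
        PasswordEncoder legacy = new StandardPasswordEncoder(legacySecret);
        Map<String, PasswordEncoder> encoders = new HashMap<>();
        encoders.put("bcrypt", new BCryptPasswordEncoder());
        encoders.put("sha256", legacy);
        // Every new hash is written as {bcrypt}...
        DelegatingPasswordEncoder delegating = new DelegatingPasswordEncoder("bcrypt", encoders);
        // Assumption: pre-migration hashes carry no {id} prefix, so route them to the legacy encoder.
        delegating.setDefaultPasswordEncoderForMatches(legacy);
        return delegating;
    }

    // Verify a login and, on success, replace a legacy hash with a bcrypt one.
    static boolean login(PasswordEncoder encoder, String user, CharSequence rawPassword) {
        String stored = store.get(user);
        if (stored == null || !encoder.matches(rawPassword, stored)) {
            return false;
        }
        if (encoder.upgradeEncoding(stored)) {
            // The raw password is only available here, so this is the point to re-hash.
            store.put(user, encoder.encode(rawPassword));
        }
        return true;
    }

    public static void main(String[] args) {
        String secret = "constructed-system-secret";
        // Constructed legacy record, as StandardPasswordEncoder would have stored it.
        store.put("alice", new StandardPasswordEncoder(secret).encode("correct horse"));
        PasswordEncoder encoder = buildEncoder(secret);
        System.out.println("wrong password accepted: " + login(encoder, "alice", "wrong"));
        System.out.println("right password accepted: " + login(encoder, "alice", "correct horse"));
        System.out.println("stored hash is now bcrypt: " + store.get("alice").startsWith("{bcrypt}"));
    }
}
```

Accounts that never log in again keep their SHA-256 hash, so the legacy encoder and its secret must stay configured until those records are expired or reset.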