atg.security
Interface PasswordHasher

All Superinterfaces:
java.io.Serializable
All Known Subinterfaces:
PasswordHasher2
All Known Implementing Classes:
DigestPasswordHasher, iPlanetSSHAAccountPasswordHasher, iPlanetSSHAPasswordHasher, MD5PasswordHasher, NullPasswordHasher, PasswordHasher2Adapter, SaltedDigestPasswordHasher, SaltedMD5PasswordHasher

public interface PasswordHasher
extends java.io.Serializable

This interface defines a hash function to be used to encrypt passwords.

It has two uses:

  1. Encrypt a password to obfuscate it for storage. This will return the same value for any instance.
  2. Hash a password to obfuscate it for transmission. This may return a different value for different instances.

An application that intends to encrypt a password for long-term storage should call encryptPassword() and store the returned value:

    String storedPassword = passwordHasher.encryptPassword(plainTextPassword);

A client or application that is trying to perform a login should perform the following sequence:

    // Obtain a (possibly unique) password hasher for encrypting login
    // passwords
    PasswordHasher loginHasher = passwordHasher.getLoginPasswordHasher();

    // Hash the password and remember the (possibly unique) hash key
    String hashedPassword = loginHasher.hashPasswordForLogin(plainTextPassword);
    // getPasswordHashKey() returns java.lang.Object, not String
    Object hashKey = loginHasher.getPasswordHashKey();

The hashed password and hash key pair are both required to properly check the password, a process which is done as follows:

    // Argument order follows the method signature: login hash, stored value, hash key
    if (passwordHasher.checkPassword(hashedPassword, storedPassword, hashKey))
        System.out.println("Succeeded");
    else
        System.out.println("Failed");
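
One way an implementation could hash each login attempt differently while still verifying against a single stored value, as an added sketch that is not ATG's code. The class ChallengeHasherDemo, the SHA-256 storage digest and the HMAC-SHA256 login hash are assumptions; only the method names and parameter order are taken from this page. It needs Java 17 for HexFormat.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HexFormat;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical class: reuses this page's method names, not atg.security itself.
public class ChallengeHasherDemo {
    private final byte[] nonce; // per-login hash key; null on the shared storage instance
    ChallengeHasherDemo(byte[] nonce) { this.nonce = nonce; }

    // Same value from every instance. SHA-256 is an assumption to keep the sketch short.
    public String encryptPassword(String pPassword) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(pPassword.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(d);
    }
    // Each login hasher carries a fresh random key.
    public ChallengeHasherDemo getLoginPasswordHasher() {
        byte[] n = new byte[16];
        new SecureRandom().nextBytes(n);
        return new ChallengeHasherDemo(n);
    }
    public Object getPasswordHashKey() { return nonce; }
    // Login hash = HMAC(key = nonce, message = storage value); call on a login hasher only.
    public String hashPasswordForLogin(String pPassword) throws Exception {
        return keyed(encryptPassword(pPassword), nonce);
    }
    // Recompute from the stored value and the supplied key, then compare in constant time.
    public boolean checkPassword(String pLoginPassword, String pEncryptedPassword, Object pHashKey) throws Exception {
        byte[] expected = keyed(pEncryptedPassword, (byte[]) pHashKey).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, pLoginPassword.getBytes(StandardCharsets.UTF_8));
    }
    private static String keyed(String stored, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return HexFormat.of().formatHex(mac.doFinal(stored.getBytes(StandardCharsets.UTF_8)));
    }
    public static void main(String[] args) throws Exception {
        String pw = "constructed-sample-pw"; // constructed input
        ChallengeHasherDemo hasher = new ChallengeHasherDemo(null);
        String stored = hasher.encryptPassword(pw);
        ChallengeHasherDemo a = hasher.getLoginPasswordHasher(), b = hasher.getLoginPasswordHasher();
        String ha = a.hashPasswordForLogin(pw);
        System.out.println("differs per login: " + !ha.equals(b.hashPasswordForLogin(pw)));
        System.out.println("matching key: " + hasher.checkPassword(ha, stored, a.getPasswordHashKey()));
        System.out.println("other key: " + hasher.checkPassword(ha, stored, b.getPasswordHashKey()));
    }
}
```

In this sketch the stored value alone is enough to compute a valid login hash, so it has to be protected as carefully as the password itself.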


Field Summary
static java.lang.String CLASS_VERSION
           
 
Method Summary
 boolean checkPassword(java.lang.String pLoginPassword, java.lang.String pEncryptedPassword, java.lang.Object pHashKey)
          Returns true if the login password matches the encrypted password.
 java.lang.String encryptPassword(java.lang.String pPassword)
          Encrypts a password suitably for long-term storage.
 PasswordHasher getLoginPasswordHasher()
          Returns a password hasher instance useful for performing a login.
 java.lang.Object getPasswordHashKey()
          Returns the hash key (if any) that was used for hashing the password for login.
 java.lang.String hashPasswordForLogin(java.lang.String pPassword)
          Performs the appropriate hashing function for a login process.
 

Field Detail

CLASS_VERSION

static final java.lang.String CLASS_VERSION
See Also:
Constant Field Values
Method Detail

encryptPassword

java.lang.String encryptPassword(java.lang.String pPassword)
Encrypts a password suitably for long-term storage.


checkPassword

boolean checkPassword(java.lang.String pLoginPassword,
                      java.lang.String pEncryptedPassword,
                      java.lang.Object pHashKey)
Returns true if the login password matches the encrypted password.


hashPasswordForLogin

java.lang.String hashPasswordForLogin(java.lang.String pPassword)
Performs the appropriate hashing function for a login process. This value will later be passed to checkPassword().


getPasswordHashKey

java.lang.Object getPasswordHashKey()
Returns the hash key (if any) that was used for hashing the password for login. This must be passed to checkPassword() to verify the validity of the hash.


getLoginPasswordHasher

PasswordHasher getLoginPasswordHasher()
Returns a password hasher instance useful for performing a login. This instance may have a unique password hash key so that each login attempt is hashed differently.