This class implements the Spring Security 2.x org.springframework.security.providers.encoding.PasswordEncoder interface, allowing Spring Security-enabled applications to use JASYPT for password encryption.
Objects of this class will internally hold either an object of type org.jasypt.util.password.PasswordEncryptor or an object of type org.jasypt.digest.StringDigester (only one of them), which should be set by respectively calling {@link #setPasswordEncryptor(PasswordEncryptor)} or{@link #setStringDigester(StringDigester)}after creation. If neither a PasswordEncryptor nor a StringDigester are set, a new org.jasypt.util.password.BasicPasswordEncryptor object is created and internally used.
Important: This implementation ignores any salt provided through the interface methods, as the internal Jasypt PasswordEncryptor or StringDigester objects normally use a random one. This means that salt can be safely passed as null.
Usage with a PasswordEncryptor
This class can be used like this from your Spring XML resource files:
... <!-- Your application may use the PasswordEncryptor in several places, --> <!-- like for example at new user sign-up. --> <bean id="jasyptPasswordEncryptor" class="org.jasypt.util.password.StrongPasswordEncryptor" /> ... ... <!-- This Spring Security-friendly PasswordEncoder implementation will --> <!-- wrap the PasswordEncryptor instance so that it can be used from --> <!-- the security framework. --> <bean id="passwordEncoder" class="org.jasypt.spring.security2.PasswordEncoder"> <property name="passwordEncryptor"> <ref bean="jasyptPasswordEncryptor" /> </property> </bean> ... ... <!-- Your DaoAuthenticationProvider will then use it like with any --> <!-- other implementation of the PasswordEncoder interface. --> <bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider"> <property name="userDetailsService" ref="userDetailsService"/> <property name="passwordEncoder"> <ref bean="passwordEncoder" /> </property> </bean> ...
Usage with a StringDigester
This class can be used like this from your Spring XML resource files:
... <!-- Your application may use the StringDigester in several places, --> <!-- like for example at new user sign-up. --> <bean id="jasyptStringDigester" class="org.jasypt.digest.StandardStringDigester" > <property name="algorithm" value="SHA-1" /> <property name="iterations" value="100000" /> </bean> ... ... <!-- This Spring Security-friendly PasswordEncoder implementation will --> <!-- wrap the StringDigester instance so that it can be used from --> <!-- the security framework. --> <bean id="passwordEncoder" class="org.jasypt.spring.security2.PasswordEncoder"> <property name="stringDigester"> <ref bean="jasyptStringDigester" /> </property> </bean> ... ... <!-- Your DaoAuthenticationProvider will then use it like with any --> <!-- other implementation of the PasswordEncoder interface. --> <bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider"> <property name="userDetailsService" ref="userDetailsService"/> <property name="passwordEncoder"> <ref bean="passwordEncoder" /> </property> </bean> ...
This class is thread-safe
@since 1.5 @author Daniel Fernández
|
|