Package org.opencms.security
Class CmsDefaultPasswordHandler
java.lang.Object
org.opencms.security.CmsDefaultPasswordHandler
- All Implemented Interfaces:
I_CmsConfigurationParameterHandler, I_CmsPasswordGenerator, I_CmsPasswordHandler, I_CmsPasswordSecurityEvaluator
- Direct Known Subclasses:
CmsAdvancedPasswordHandler
public class CmsDefaultPasswordHandler
extends Object
implements I_CmsPasswordHandler, I_CmsPasswordSecurityEvaluator, I_CmsPasswordGenerator
Default implementation for OpenCms password validation,
just checks if a password is at least 4 characters long.
- Since:
6.0.0

Nested Class Summary
Nested classes/interfaces inherited from interface org.opencms.security.I_CmsPasswordSecurityEvaluator
I_CmsPasswordSecurityEvaluator.SecurityLevel

Field Summary
Fields (Modifier and Type, Field: Description)
- static String PARAM_SCRYPT_FALLBACK: Parameter for SCrypt fall back.
- static String PARAM_SCRYPT_SETTINGS: Parameter for SCrypt settings.
- static final int PASSWORD_MIN_LENGTH: The minimum length of a password.
- static final int PASSWORD_SECURE_LENGTH: The password length that is considered to be secure.
Fields inherited from interface org.opencms.configuration.I_CmsConfigurationParameterHandler
ADD_PARAMETER_METHOD, INIT_CONFIGURATION_METHOD
Fields inherited from interface org.opencms.security.I_CmsPasswordHandler
CONVERT_DIGEST_ENCODING, DIGEST_TYPE_MD5, DIGEST_TYPE_PLAIN, DIGEST_TYPE_SCRYPT, DIGEST_TYPE_SHA, DIGEST_TYPE_SSHA

Constructor Summary
Constructors
- CmsDefaultPasswordHandler(): The constructor does not perform any operation.

Method Summary
Methods (Modifier and Type, Method: Description)
- void addConfigurationParameter(String paramName, String paramValue): Adds a configuration parameter to this parameter configurable class instance.
- boolean checkPassword(String plainPassword, String digestedPassword, boolean useFallback): This method checks if the given plain text password is equal to the given digested password.
- digest(String password): Creates an OpenCms password digest according to the default setting for method/encodings.
- String digest(String password, String digestType, String inputEncoding): Creates an OpenCms password digest.
- evaluatePasswordSecurity(String password): Evaluates the given password security.
- getConfiguration(): Returns the parameters of this configurable class instance, or null if the class does not need any parameters.
- getDigestType(): Returns the digestType.
- getInputEncoding(): Returns the input encoding.
- getPasswordSecurityHint(Locale locale): Returns a hint describing how to set a secure password.
- getRandomPassword(): Returns random password.
- void initConfiguration(): Initializes a configuration after all parameters have been added.
- void setDigestType(String digestType): Sets the digestType.
- void setInputEncoding(String inputEncoding): Sets the input encoding.
- void validatePassword(String password): This method checks if a new password follows the rules for new passwords, which are defined by a Class configured in the opencms.properties file.

Field Details

PARAM_SCRYPT_FALLBACK
Parameter for SCrypt fall back.

PARAM_SCRYPT_SETTINGS
Parameter for SCrypt settings.

PASSWORD_MIN_LENGTH
The minimum length of a password.

PASSWORD_SECURE_LENGTH
The password length that is considered to be secure.

Constructor Details

CmsDefaultPasswordHandler
public CmsDefaultPasswordHandler()
The constructor does not perform any operation.

Method Details

addConfigurationParameter
Description copied from interface: I_CmsConfigurationParameterHandler
Adds a configuration parameter to this parameter configurable class instance.
- Specified by:
addConfigurationParameter in interface I_CmsConfigurationParameterHandler
- Parameters:
paramName - the name of the parameter
paramValue - the value for the parameter

checkPassword
Description copied from interface: I_CmsPasswordHandler
This method checks if the given plain text password is equal to the given digested password.
Use this to check salted passwords. If the password is salted, it needs to be checked with the salt (and possibly other parameters) stored in the digested password. Just digesting the password again and comparing the result to a previous digest won't work because the salt will usually be different.
- Specified by:
checkPassword in interface I_CmsPasswordHandler
- Parameters:
plainPassword - the plain text password to check
digestedPassword - the digested password to compare with the plain password
useFallback - if true, then use a fall back hashing algorithm in case first validation fails
- Returns:
false if the validation of the password failed
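
The salt handling described for checkPassword, shown as an added Java example that is not OpenCms code. It assumes an LDAP-style SSHA layout (Base64 of SHA-1(password + salt) followed by the salt), chosen because it needs only the JDK; the class and method names are hypothetical and the digest format OpenCms actually writes may differ.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

/** Stand-alone illustration; names are hypothetical, not part of OpenCms. */
public class SaltedDigestDemo {
    private static final int SHA1_LEN = 20; // bytes in a SHA-1 hash
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Assumed layout: Base64(SHA-1(password || salt) || salt), fresh salt per call. */
    static String digest(String password) throws Exception {
        byte[] salt = new byte[8];
        RANDOM.nextBytes(salt);
        byte[] hash = hash(password, salt);
        byte[] out = Arrays.copyOf(hash, hash.length + salt.length);
        System.arraycopy(salt, 0, out, hash.length, salt.length);
        return Base64.getEncoder().encodeToString(out);
    }

    /** Recovers the salt from the stored digest, recomputes the hash, and compares. */
    static boolean check(String plainPassword, String digestedPassword) throws Exception {
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(digestedPassword);
        } catch (IllegalArgumentException e) {
            return false; // malformed stored value: fail closed
        }
        if (raw.length <= SHA1_LEN) return false; // no salt appended
        byte[] storedHash = Arrays.copyOfRange(raw, 0, SHA1_LEN);
        byte[] salt = Arrays.copyOfRange(raw, SHA1_LEN, raw.length);
        // MessageDigest.isEqual avoids leaking the mismatch position through timing
        return MessageDigest.isEqual(storedHash, hash(plainPassword, salt));
    }

    private static byte[] hash(String password, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(password.getBytes(StandardCharsets.UTF_8));
        md.update(salt);
        return md.digest();
    }

    public static void main(String[] args) throws Exception {
        String stored = digest("correct horse"); // constructed sample password
        System.out.println("re-digest equals stored: " + stored.equals(digest("correct horse")));
        System.out.println("salt-aware, right password: " + check("correct horse", stored));
        System.out.println("salt-aware, wrong password: " + check("wrong horse", stored));
    }
}
```

The first line of output shows the naive digest-and-compare approach, which draws a new salt on every call; the other two lines go through the salt-aware check.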

digest
Description copied from interface: I_CmsPasswordHandler
Creates an OpenCms password digest according to the default setting for method/encodings.
- Specified by:
digest in interface I_CmsPasswordHandler
- Parameters:
password - the password to encrypt
- Returns:
the password digest
- Throws:
CmsPasswordEncryptionException - if something goes wrong

digest
public String digest(String password, String digestType, String inputEncoding) throws CmsPasswordEncryptionException
Description copied from interface: I_CmsPasswordHandler
Creates an OpenCms password digest.
- Specified by:
digest in interface I_CmsPasswordHandler
- Parameters:
password - the password to encrypt
digestType - the algorithm used for encryption (e.g. MD5, SHA ...)
inputEncoding - the encoding used when converting the password to bytes (e.g. UTF-8)
- Returns:
the password digest
- Throws:
CmsPasswordEncryptionException - if something goes wrong

evaluatePasswordSecurity
Description copied from interface: I_CmsPasswordSecurityEvaluator
Evaluates the given password security.
- Specified by:
evaluatePasswordSecurity in interface I_CmsPasswordSecurityEvaluator
- Parameters:
password - the password
- Returns:
the security level as a number between 0 and 1, 0 meaning a low security and 1 a strong security

getConfiguration
Description copied from interface: I_CmsConfigurationParameterHandler
Returns the parameters of this configurable class instance, or null if the class does not need any parameters.
- Specified by:
getConfiguration in interface I_CmsConfigurationParameterHandler
- Returns:
the parameters of this configurable class instance, or null if the class does not need any parameters

getDigestType
Returns the digestType.
- Specified by:
getDigestType in interface I_CmsPasswordHandler
- Returns:
the digestType

getInputEncoding
Returns the input encoding.
- Specified by:
getInputEncoding in interface I_CmsPasswordHandler
- Returns:
the input encoding

getPasswordSecurityHint
Description copied from interface: I_CmsPasswordSecurityEvaluator
Returns a hint describing how to set a secure password.
- Specified by:
getPasswordSecurityHint in interface I_CmsPasswordSecurityEvaluator
- Parameters:
locale - the locale
- Returns:
the password security hint

getRandomPassword
Description copied from interface: I_CmsPasswordGenerator
Returns random password.
- Specified by:
getRandomPassword in interface I_CmsPasswordGenerator
- Returns:

initConfiguration
Description copied from interface: I_CmsConfigurationParameterHandler
Initializes a configuration after all parameters have been added.
- Specified by:
initConfiguration in interface I_CmsConfigurationParameterHandler

setDigestType
Sets the digestType.
- Specified by:
setDigestType in interface I_CmsPasswordHandler
- Parameters:
digestType - the digestType to set

setInputEncoding
Sets the input encoding.
- Specified by:
setInputEncoding in interface I_CmsPasswordHandler
- Parameters:
inputEncoding - the input encoding to set

validatePassword
Description copied from interface: I_CmsPasswordHandler
This method checks if a new password follows the rules for new passwords, which are defined by a Class configured in the opencms.properties file.
If this method throws no exception the password is valid.
- Specified by:
validatePassword in interface I_CmsPasswordHandler
- Parameters:
password - the password to check
- Throws:
CmsSecurityException - if validation of the password failed