public interface PasswordHash
PasswordHashis an interface for objects that can generate and verify password hashes.
PasswordHash are configured for the built-in Database
by configuring the type on the
Parameters for the
PasswordHash can also be configured on the annotation,
and will be passed to the
initialize(Map) method when the
IdentityStore is initialized.
|Modifier and Type||Method and Description|
Generate an encoded password hash value for storage in a user's account.
Initialize the instance with the parameters it should use to generate and verify password hashes.
Verify a password against the hashed password value retrieved from a user's account.
An implementation is not required to support parameters, and may ignore parameters passed to it. It is also possible that an implementation will use the specified parameters when generating a new password hash, but ignore them in favor of parameters stored with an existing password hash when verifying.
If no parameters were supplied, the argument is an empty
Mapof the provided parameters, empty if no parameters were supplied.
String generate(char password)
This method should not be used to generate a password hash for verification purposes;
verify(char, String) for that purpose. Use this method only to generate
password hashes for new or changed passwords.
The returned hash value should be fully encoded, such that it can be directly stored, as is, with no additional formatting or encoding applied.
password- The password to generate a hash for.
boolean verify(char password, String hashedPassword)
hashedPassword parameter should be provided exactly as retrieved from the database,
with no decoding or formatting applied. The
password parameter should be hashed and
compared to the hashed password.
password- The password to verify.
hashedPassword- The hashed password to compare against.
Copyright © 1996-2017, Oracle and/or its affiliates. All Rights Reserved. Use is subject to license terms.