CmsDefaultPasswordHandler (OpenCms Core API, version 11.0.0)

java.lang.Object
- org.opencms.security.CmsDefaultPasswordHandler

All Implemented Interfaces:

I_CmsConfigurationParameterHandler, I_CmsPasswordGenerator, I_CmsPasswordHandler, I_CmsPasswordSecurityEvaluator

Direct Known Subclasses:

CmsAdvancedPasswordHandler
```
public class CmsDefaultPasswordHandler
extends java.lang.Object
implements I_CmsPasswordHandler, I_CmsPasswordSecurityEvaluator, I_CmsPasswordGenerator
```
Default implementation for OpenCms password validation, just checks if a password is at last 4 characters long.

Since:

6.0.0

Nested Class Summary
- Nested classes/interfaces inherited from interface org.opencms.security.I_CmsPasswordSecurityEvaluator
  I_CmsPasswordSecurityEvaluator.SecurityLevel

Field Summary

Fields
Modifier and Type	Field and Description
`static java.lang.String`	`PARAM_SCRYPT_FALLBACK` Parameter for SCrypt fall back.
`static java.lang.String`	`PARAM_SCRYPT_SETTINGS` Parameter for SCrypt settings.
`static int`	`PASSWORD_MIN_LENGTH` The minimum length of a password.
`static int`	`PASSWORD_SECURE_LENGTH` The password length that is considered to be secure.

Fields inherited from interface org.opencms.security.I_CmsPasswordHandler
CONVERT_DIGEST_ENCODING, DIGEST_TYPE_MD5, DIGEST_TYPE_PLAIN, DIGEST_TYPE_SCRYPT, DIGEST_TYPE_SHA, DIGEST_TYPE_SSHA

Fields inherited from interface org.opencms.configuration.I_CmsConfigurationParameterHandler
ADD_PARAMETER_METHOD, INIT_CONFIGURATION_METHOD

Constructor Summary

Constructors
Constructor and Description

CmsDefaultPasswordHandler()
The constructor does not perform any operation.

Constructors
Constructor and Description
`CmsDefaultPasswordHandler()` The constructor does not perform any operation.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`addConfigurationParameter(java.lang.String paramName, java.lang.String paramValue)` Adds a configuration parameter to this parameter configurable class instance.
`boolean`	`checkPassword(java.lang.String plainPassword, java.lang.String digestedPassword, boolean useFallback)` This method checks if the given plain text password is equal to the given digested password.
`java.lang.String`	`digest(java.lang.String password)` Creates an OpenCms password digest according to the default setting for method/encodings.
`java.lang.String`	`digest(java.lang.String password, java.lang.String digestType, java.lang.String inputEncoding)` Creates an OpenCms password digest.
`I_CmsPasswordSecurityEvaluator.SecurityLevel`	`evaluatePasswordSecurity(java.lang.String password)` Evaluates the given password security.
`CmsParameterConfiguration`	`getConfiguration()` Returns the parameters of this configurable class instance, or `null` if the class does not need any parameters.
`java.lang.String`	`getDigestType()` Returns the digestType.
`java.lang.String`	`getInputEncoding()` Returns the input encoding.
`java.lang.String`	`getPasswordSecurityHint(java.util.Locale locale)` Returns a hint describing how to set a secure password.
`java.lang.String`	`getRandomPassword()` Returns random password.
`void`	`initConfiguration()` Initializes a configuration after all parameters have been added.
`void`	`setDigestType(java.lang.String digestType)` Sets the digestType.
`void`	`setInputEncoding(java.lang.String inputEncoding)` Sets the input encoding.
`void`	`validatePassword(java.lang.String password)` This method checks if a new password follows the rules for new passwords, which are defined by a Class configured in the opencms.properties file.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - PARAM_SCRYPT_FALLBACK
```
public static java.lang.String PARAM_SCRYPT_FALLBACK
```
    Parameter for SCrypt fall back.
  - PARAM_SCRYPT_SETTINGS
```
public static java.lang.String PARAM_SCRYPT_SETTINGS
```
    Parameter for SCrypt settings.
  - PASSWORD_MIN_LENGTH
```
public static final int PASSWORD_MIN_LENGTH
```
    The minimum length of a password.
    
    See Also:
    
    Constant Field Values
  - PASSWORD_SECURE_LENGTH
```
public static final int PASSWORD_SECURE_LENGTH
```
    The password length that is considered to be secure.
    
    See Also:
    
    Constant Field Values
- Constructor Detail
  - CmsDefaultPasswordHandler
```
public CmsDefaultPasswordHandler()
```
    The constructor does not perform any operation.
- Method Detail
  - addConfigurationParameter
```
public void addConfigurationParameter(java.lang.String paramName,
                                      java.lang.String paramValue)
```
    Description copied from interface: I_CmsConfigurationParameterHandler
    
    Adds a configuration parameter to this parameter configurable class instance.
    
    Specified by:
    
    addConfigurationParameter in interface I_CmsConfigurationParameterHandler
    
    Parameters:
    
    paramName - the name of the parameter
    
    paramValue - the value for the parameter
    
    See Also:
    
    I_CmsConfigurationParameterHandler.addConfigurationParameter(java.lang.String, java.lang.String)
  - checkPassword
```
public boolean checkPassword(java.lang.String plainPassword,
                             java.lang.String digestedPassword,
                             boolean useFallback)
```
    Description copied from interface: I_CmsPasswordHandler
    
    This method checks if the given plain text password is equal to the given digested password.
    Use this to check salted passwords. If the password is salted, it needs to be checked with the salt (and possible other parameters) stored in the digested password. Just digesting the password again and comparing the result to a previous digest won't work because the salt will usually be different.
    
    Specified by:
    
    checkPassword in interface I_CmsPasswordHandler
    
    Parameters:
    
    plainPassword - the plain text password to check
    
    digestedPassword - the digested password to compare with the plain password
    
    useFallback - if true, then use a fall back hashing algorithm in case first validation fails
    
    Returns:
    
    false if the validation of the password failed
    
    See Also:
    
    I_CmsPasswordHandler.checkPassword(String, String, boolean)
  - digest
```
public java.lang.String digest(java.lang.String password)
                        throws CmsPasswordEncryptionException
```
    Description copied from interface: I_CmsPasswordHandler
    
    Creates an OpenCms password digest according to the default setting for method/encodings.
    
    Specified by:
    
    digest in interface I_CmsPasswordHandler
    
    Parameters:
    
    password - the password to encrypt
    
    Returns:
    
    the password digest
    
    Throws:
    
    CmsPasswordEncryptionException - if something goes wrong
    
    See Also:
    
    I_CmsPasswordHandler.digest(java.lang.String)
  - digest
```
public java.lang.String digest(java.lang.String password,
                               java.lang.String digestType,
                               java.lang.String inputEncoding)
                        throws CmsPasswordEncryptionException
```
    Description copied from interface: I_CmsPasswordHandler
    
    Creates an OpenCms password digest.
    
    Specified by:
    
    digest in interface I_CmsPasswordHandler
    
    Parameters:
    
    password - the password to encrypt
    
    digestType - the algorithm used for encryption (i.e. MD5, SHA ...)
    
    inputEncoding - the encoding used when converting the password to bytes (i.e. UTF-8)
    
    Returns:
    
    the password digest
    
    Throws:
    
    CmsPasswordEncryptionException - if something goes wrong
    
    See Also:
    
    I_CmsPasswordHandler.digest(java.lang.String, java.lang.String, java.lang.String)
  - evaluatePasswordSecurity
```
public I_CmsPasswordSecurityEvaluator.SecurityLevel evaluatePasswordSecurity(java.lang.String password)
```
    Description copied from interface: I_CmsPasswordSecurityEvaluator
    
    Evaluates the given password security.
    
    Specified by:
    
    evaluatePasswordSecurity in interface I_CmsPasswordSecurityEvaluator
    
    Parameters:
    
    password - the password
    
    Returns:
    
    the security level as a number between 0 and 1, 0 meaning a low security and 1 a strong security
    
    See Also:
    
    I_CmsPasswordSecurityEvaluator.evaluatePasswordSecurity(java.lang.String)
  - getConfiguration
```
public CmsParameterConfiguration getConfiguration()
```
    Description copied from interface: I_CmsConfigurationParameterHandler
    
    Returns the parameters of this configurable class instance, or null if the class does not need any parameters.
    
    Specified by:
    
    getConfiguration in interface I_CmsConfigurationParameterHandler
    
    Returns:
    
    the parameters of this configurable class instance, or null if the class does not need any parameters
    
    See Also:
    
    I_CmsConfigurationParameterHandler.getConfiguration()
  - getDigestType
```
public java.lang.String getDigestType()
```
    Returns the digestType.
    
    Specified by:
    
    getDigestType in interface I_CmsPasswordHandler
    
    Returns:
    
    the digestType
  - getInputEncoding
```
public java.lang.String getInputEncoding()
```
    Returns the input encoding.
    
    Specified by:
    
    getInputEncoding in interface I_CmsPasswordHandler
    
    Returns:
    
    the input encoding
  - getPasswordSecurityHint
```
public java.lang.String getPasswordSecurityHint(java.util.Locale locale)
```
    Description copied from interface: I_CmsPasswordSecurityEvaluator
    
    Returns a hint describing how to set a secure password.
    
    Specified by:
    
    getPasswordSecurityHint in interface I_CmsPasswordSecurityEvaluator
    
    Parameters:
    
    locale - the locale
    
    Returns:
    
    the password security hint
    
    See Also:
    
    I_CmsPasswordSecurityEvaluator.getPasswordSecurityHint(java.util.Locale)
  - getRandomPassword
```
public java.lang.String getRandomPassword()
```
    Description copied from interface: I_CmsPasswordGenerator
    
    Returns random password.
    
    Specified by:
    
    getRandomPassword in interface I_CmsPasswordGenerator
    
    Returns:
    
    See Also:
    
    I_CmsPasswordGenerator.getRandomPassword()
  - initConfiguration
```
public void initConfiguration()
```
    Description copied from interface: I_CmsConfigurationParameterHandler
    
    Initializes a configuration after all parameters have been added.
    
    Specified by:
    
    initConfiguration in interface I_CmsConfigurationParameterHandler
    
    See Also:
    
    I_CmsConfigurationParameterHandler.initConfiguration()
  - setDigestType
```
public void setDigestType(java.lang.String digestType)
```
    Sets the digestType.
    
    Specified by:
    
    setDigestType in interface I_CmsPasswordHandler
    
    Parameters:
    
    digestType - the digestType to set
  - setInputEncoding
```
public void setInputEncoding(java.lang.String inputEncoding)
```
    Sets the input encoding.
    
    Specified by:
    
    setInputEncoding in interface I_CmsPasswordHandler
    
    Parameters:
    
    inputEncoding - the input encoding to set
  - validatePassword
```
public void validatePassword(java.lang.String password)
                      throws CmsSecurityException
```
    Description copied from interface: I_CmsPasswordHandler
    
    This method checks if a new password follows the rules for new passwords, which are defined by a Class configured in the opencms.properties file.
    If this method throws no exception the password is valid.
    
    Specified by:
    
    validatePassword in interface I_CmsPasswordHandler
    
    Parameters:
    
    password - the password to check
    
    Throws:
    
    CmsSecurityException - if validation of the password failed
    
    See Also:
    
    I_CmsPasswordHandler.validatePassword(java.lang.String)

Class CmsDefaultPasswordHandler

Nested Class Summary

Nested classes/interfaces inherited from interface org.opencms.security.I_CmsPasswordSecurityEvaluator

Field Summary

Fields inherited from interface org.opencms.security.I_CmsPasswordHandler

Fields inherited from interface org.opencms.configuration.I_CmsConfigurationParameterHandler

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

PARAM_SCRYPT_FALLBACK

PARAM_SCRYPT_SETTINGS

PASSWORD_MIN_LENGTH

PASSWORD_SECURE_LENGTH

Constructor Detail

CmsDefaultPasswordHandler

Method Detail

addConfigurationParameter

checkPassword

digest

digest

evaluatePasswordSecurity

getConfiguration

getDigestType

getInputEncoding

getPasswordSecurityHint

getRandomPassword

initConfiguration

setDigestType

setInputEncoding

validatePassword