public MongoPasswordHasherConfiguration(SecurityConfigurationProperties securityConfig) { if (StringUtils.isNotBlank(securityConfig.getMongo().getPasswordHasher())) { passwordEncoder = new MessageDigestPasswordEncoder(securityConfig.getMongo().getPasswordHasher()); } else { passwordEncoder = null; } }
private void addSessionContextToLogging() { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); String tokenValue = "EMPTY"; if (authentication != null && !Strings.isNullOrEmpty(authentication.getDetails().toString())) { MessageDigestPasswordEncoder encoder = new MessageDigestPasswordEncoder("SHA-1"); tokenValue = encoder.encodePassword(authentication.getDetails().toString(), "not_so_random_salt"); } MDC.put(TOKEN_SESSION_KEY, tokenValue); String userValue = "EMPTY"; if (authentication != null && !Strings.isNullOrEmpty(authentication.getPrincipal().toString())) { userValue = authentication.getPrincipal().toString(); } MDC.put(USER_SESSION_KEY, userValue); }
private static final boolean resetSuperUserPasswordIfNecessary(RegisteredUsersTable t, boolean newUser, MessageDigestPasswordEncoder mde, CallingContext cc) throws ODKEntityPersistException, ODKOverQuotaException, ODKEntityNotFoundException { String localSuperUser = t.getUsername(); String currentRealmString = cc.getUserService().getCurrentRealm().getRealmString(); String lastKnownRealmString = ServerPreferencesProperties.getLastKnownRealmString(cc); if (!newUser && lastKnownRealmString != null && lastKnownRealmString.equals(currentRealmString)) { // no need to reset the passwords return false; } // The realm string has changed, so we need to reset the password. RealmSecurityInfo r = new RealmSecurityInfo(); r.setRealmString(currentRealmString); r.setBasicAuthHashEncoding(mde.getAlgorithm()); CredentialsInfo credential; try { credential = CredentialsInfoBuilderInternal.build(localSuperUser, r, "aggregate"); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); throw new IllegalStateException("unrecognized algorithm"); } t.setDigestAuthPassword(credential.getDigestAuthHash()); t.setBasicAuthPassword(credential.getBasicAuthHash()); t.setBasicAuthSalt(credential.getBasicAuthSalt()); // done setting the password...persist it... t.setIsRemoved(false); cc.getDatastore().putEntity(t, cc.getCurrentUser()); // remember the current realm string ServerPreferencesProperties.setLastKnownRealmString(cc, currentRealmString); logger.warn("Reset password of the local superuser record: " + t.getUri() + " identified by: " + t.getUsername()); return true; }
@Override public RealmSecurityInfo getRealmInfo(String xsrfString) throws AccessDeniedException, DatastoreFailureException { HttpServletRequest req = this.getThreadLocalRequest(); CallingContext cc = ContextFactory.getCallingContext(this, req); if (!req.getSession().getId().equals(xsrfString)) { throw new AccessDeniedException("Invalid request"); } RealmSecurityInfo r = new RealmSecurityInfo(); r.setRealmString(cc.getUserService().getCurrentRealm().getRealmString()); MessageDigestPasswordEncoder mde = (MessageDigestPasswordEncoder) cc .getBean(SecurityBeanDefs.BASIC_AUTH_PASSWORD_ENCODER); r.setBasicAuthHashEncoding(mde.getAlgorithm()); r.setSuperUserEmail(cc.getUserService().getSuperUserEmail()); r.setSuperUsername(cc.getUserService().getSuperUserUsername()); try { r.setSuperUsernamePasswordSet(cc.getUserService().isSuperUsernamePasswordSet(cc)); } catch (ODKDatastoreException e) { e.printStackTrace(); throw new DatastoreFailureException("Unable to access datastore"); } // User interface layer uses this URL to submit password changes securely r.setChangeUserPasswordURL(cc.getSecureServerURL() + BasicConsts.FORWARDSLASH + UserManagePasswordsServlet.ADDR); return r; }
public static String encodePassword(String clearTextPassword) { return new MessageDigestPasswordEncoder("MD5", true).encodePassword(clearTextPassword, null); }
private static String encode(String password) { return new MessageDigestPasswordEncoder("MD5", true).encodePassword(password, null); }
/** * 采用md5进行信息摘要加密 */ public static String encodePasswordByMD5(String password,String key){ return new MessageDigestPasswordEncoder("MD5").encodePassword(password,key); }
@Override public String hashPassword(String password) { return new MessageDigestPasswordEncoder(AppConstants.SHA_256.toString()).encodePassword(password, null); }
protected AbstractCoreMessageDigestPasswordEncoder(MessageDigestPasswordEncoder delegate) { this.delegate = delegate; }
public MessageDigestPasswordEncoder getPasswordEncoder() { return passwordEncoder; }
public void setPasswordEncoder(MessageDigestPasswordEncoder passwordEncoder) { this.passwordEncoder = passwordEncoder; }
public String getHash(String id, String pass) { MessageDigestPasswordEncoder mdpe = new MessageDigestPasswordEncoder("MD5"); return mdpe.encodePassword(pass, id); }
private static String getHash(String id, String pass) { MessageDigestPasswordEncoder mdpe = new MessageDigestPasswordEncoder( "MD5"); return mdpe.encodePassword(pass, id); }
/** * Gets the MD5 hash and encodes it in Base 64 notation * * @param clearTextPassword * @return * @throws NoSuchAlgorithmException */ public static String getEncodedPassword(String clearTextPassword) { return new MessageDigestPasswordEncoder("MD5", true).encodePassword(clearTextPassword, null); }
/** * Get the password encoder. * * @return */ public MessageDigestPasswordEncoder getPasswordEncoder() { return passwordEncoder; }
/** * Set the password encoder. * * @param encoder */ public void setPasswordEncoder(MessageDigestPasswordEncoder encoder) { this.passwordEncoder = encoder; }
/** * Get the encoder for the user manager * @return */ public MessageDigestPasswordEncoder getEncoder() { return encoder; }
/** * Set the encoder for the user manager. * * @param encoder */ public void setEncoder(MessageDigestPasswordEncoder encoder) { this.encoder = encoder; }