/**
 * Tells whether a candidate clear-text password matches an entry in the user's
 * stored password history.
 *
 * <p>The candidate is encoded with the security policy's password encoder and
 * compared, by string equality, against the entries returned by
 * {@code user.getPreviousEncodedPasswords()} in iteration order. The scan stops
 * when the history is exhausted or when the counter taken from
 * {@code getPreviousPasswordCount()} drops below zero, so at most that count
 * plus one entries are examined.
 *
 * @param user     the user whose password history is consulted
 * @param password the candidate password in clear text; a value that
 *                 {@code StringUtils.isEmpty} reports as empty is never treated as reused
 * @return {@code true} if the encoded candidate equals an examined history entry,
 *         {@code false} otherwise
 * @throws IllegalStateException if no security policy has been set
 */
private boolean hasReusedPassword( User user, String password )
{
    if ( securityPolicy == null )
    {
        throw new IllegalStateException( "The security policy has not yet been set." );
    }

    if ( StringUtils.isEmpty( password ) )
    {
        return false;
    }

    String candidateHash = securityPolicy.getPasswordEncoder().encodePassword( password );

    // NOTE(review): equality on encoded values only detects reuse when the encoder is
    // deterministic (same input, same output). If a per-password random salt is ever
    // configured, this check would silently never match and the history policy would
    // not be enforced; verifying each entry through the encoder would be needed then.
    // Confirm against the configured PasswordEncoder.
    int remaining = getPreviousPasswordCount();
    for ( Iterator history = user.getPreviousEncodedPasswords().iterator();
          history.hasNext() && remaining >= 0;
          remaining-- )
    {
        String storedHash = (String) history.next();
        if ( candidateHash.equals( storedHash ) )
        {
            return true;
        }
    }

    return false;
}
getLogger().debug( "PasswordEncoder: " + encoder.getClass().getName() ); boolean isPasswordValid = encoder.isPasswordValid( user.getEncodedPassword(), source.getPassword() ); if ( isPasswordValid )
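/**
 * Applies a password change to the user: validates the new password, stores its
 * encoded form, clears the clear-text copy, and rotates the password history.
 *
 * <p>After the call the history starts with the new encoded password, followed by
 * at most {@code previousPasswordsCount - 1} of the most recent earlier entries.
 * The method also clears the "password change required" flag, unlocks the account
 * and stamps the time of the change.
 *
 * <p>NOTE(review): because this unlocks the account and clears the change-required
 * flag, callers are presumably expected to have authorized the change beforehand;
 * no such check is visible in this method.
 *
 * @param user the user whose {@code getPassword()} holds the new clear-text password
 * @throws PasswordRuleViolationException declared by this method; presumably raised
 *         by {@code validatePassword} when the new password breaks a rule
 */
public void extensionChangePassword( User user )
    throws PasswordRuleViolationException
{
    validatePassword( user );

    // Store the encoded form, then drop the clear-text password from the user object.
    user.setEncodedPassword( passwordEncoder.encodePassword( user.getPassword() ) );
    user.setPassword( null );

    // The new password becomes the head of the history list.
    List previousPasswords = new ArrayList();
    previousPasswords.add( user.getEncodedPassword() );

    List history = user.getPreviousEncodedPasswords();
    if ( history != null && !history.isEmpty() )
    {
        // Keep room for the entry added above. The count is clamped at zero because a
        // configured previousPasswordsCount of 0 (or less) would otherwise give a negative
        // end index and make subList throw after the user has already been half-updated.
        int oldCount = Math.max( 0, Math.min( previousPasswordsCount - 1, history.size() ) );
        previousPasswords.addAll( history.subList( 0, oldCount ) );
    }

    user.setPreviousEncodedPasswords( previousPasswords );
    user.setPasswordChangeRequired( false );
    user.setLocked( false );

    // Record when the password was changed.
    user.setLastPasswordChange( new Date() );
}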