/**
 * Checks a freshly loaded, not-yet-encoded password against the supplied validator and,
 * when it is rejected, flags the credential so that the user has to change it.
 *
 * <p>Nothing is validated when the credential has no password, when the password is
 * already encoded, or when no validator is supplied. A rejected password does not block
 * the login here; the credential is only marked as requiring an update.
 *
 * @param userName   name of the user the credential belongs to; only used in the log message
 * @param credential the loaded credential to inspect and, if needed, flag for update
 * @param encoder    not referenced by this implementation
 * @param validator  validator to apply to the non-encoded password; may be {@code null}
 * @return true if the password was invalid and an update is required
 */
public boolean afterLoad(String userName, PasswordCredential credential, CredentialPasswordEncoder encoder, CredentialPasswordValidator validator) throws SecurityException {
    // Guard: only a present, non-encoded password can be checked, and only with a validator.
    if (credential.getPassword() == null || credential.isEncoded() || validator == null) {
        return false;
    }

    try {
        validator.validate(credential.getPassword());
        return false;
    } catch (SecurityException rejected) {
        // The persistent store contains a password that the validator rejects.
        // Login stays possible (assuming the user knows the invalid value), but an
        // update is enforced.
        // NOTE(review): the validator's exception is not passed to the logger, so the
        // reason for the rejection is lost; userName is concatenated into the message
        // as-is - confirm it cannot carry line breaks from caller-controlled input.
        String message = "Loaded password for user " + userName + " is invalid. The user will be required to change it.";
        log.error(message);
        credential.setUpdateRequired(true);
        return true;
    }
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Encodes the password of a freshly loaded credential when it is present, not yet
 * flagged as encoded, and an encoder is supplied.
 *
 * <p>NOTE(review): taking the encoding path means the loaded credential carried a
 * non-encoded password. Whether the caller persists the encoded value when this method
 * returns true is not visible here - confirm against the caller.
 *
 * @param userName   user name handed to the encoder together with the password
 * @param credential the loaded credential whose password may get encoded in place
 * @param encoder    encoder to apply; may be {@code null}, in which case nothing happens
 * @param validator  not referenced by this implementation
 * @return true if now encoded
 */
public boolean afterLoad(String userName, PasswordCredential credential, CredentialPasswordEncoder encoder, CredentialPasswordValidator validator) throws SecurityException {
    // Guard: nothing to do without a password, for an already encoded one, or without an encoder.
    if (credential.getPassword() == null || credential.isEncoded() || encoder == null) {
        return false;
    }

    String encodedPassword = encoder.encode(userName, credential.getPassword());
    // presumably the second argument marks the stored value as encoded - confirm against PasswordCredential
    credential.setPassword(encodedPassword, true);
    credential.clearNewPasswordSet();

    if (encoder instanceof AlgorithmUpgradePasswordEncodingService) {
        // The AlgorithmUpgradePBEPasswordService tells old and new encodings apart by
        // looking at the last and previous authentication timestamps. After this
        // automatic re-encoding with the new scheme the user has not authenticated
        // again yet, so the last authentication date is cleared and the previous
        // authentication date records when the (new) encoding took place.
        long encodedAt = System.currentTimeMillis();
        credential.setPreviousAuthenticationDate(new Timestamp(encodedAt));
        credential.setLastAuthenticationDate(null);
    }
    return true;
}
} // closes the enclosing type, whose header is outside this excerpt
if (encoder != null && credential.isEncoded())
// Copy the credential's old password, current password and encoded flag into locals.
// NOTE(review): when encoded is false these Strings presumably hold clear-text password
// material - keep them out of log and exception messages; confirm against the code that
// consumes them, which is outside this excerpt.
String oldPassword = credential.getOldPassword();
String password = credential.getPassword();
boolean encoded = credential.isEncoded();
if (upcpm != null && upcpm.getCredentialPasswordEncoder() != null && credential.isEncoded())