private boolean hasReusedPassword( User user, String password ) { if ( securityPolicy == null ) { throw new IllegalStateException( "The security policy has not yet been set." ); } if ( StringUtils.isEmpty( password ) ) { return false; } String encodedPassword = securityPolicy.getPasswordEncoder().encodePassword( password ); int checkCount = getPreviousPasswordCount(); Iterator it = user.getPreviousEncodedPasswords().iterator(); while ( it.hasNext() && checkCount >= 0 ) { String prevEncodedPassword = (String) it.next(); if ( encodedPassword.equals( prevEncodedPassword ) ) { return true; } checkCount--; } return false; }
PasswordEncoder encoder = securityPolicy.getPasswordEncoder(); getLogger().debug( "PasswordEncoder: " + encoder.getClass().getName() );