Crowd 2.0 : Password Encoders
This page last changed on Oct 09, 2008 by smaddox.
This module type allows you to define your own password encoders for Crowd. For example, say you want to implement a CRYPT password encoder. Your atlassian-plugin.xml would look like this:

```xml
<atlassian-plugin name="Custom Password Encoders" key="mycompany.crowd.passwordencoders" system="false">
    <plugin-info>
        <description>Custom password encoders to work with my custom directory store</description>
        <vendor name="Atlassian Software Systems" url="http://www.atlassian.com"/>
        <version>1.0</version>
    </plugin-info>
    <encoder key="crypt" name="Crypt Password Encoder" class="com.atlassian.crowd.password.encoder.CryptPasswordEncoder">
        <description>CRYPT based encoder</description>
    </encoder>
</atlassian-plugin>
```

Your com.atlassian.crowd.password.encoder.CryptPasswordEncoder will need to implement one or both of the following interfaces:
These two interfaces extend a parent interface, com.atlassian.crowd.password.encoder.PasswordEncoder. This interface may look very familiar if you have spent some time in the Spring Security source.

```java
package com.atlassian.crowd.password.encoder;

import com.atlassian.crowd.exception.PasswordEncoderException;

/**
 * <p>Defines the operations and requirements for a class that needs to handle password
 * operations in Crowd</p>
 * Some of the below documentation is taken from Spring Security
 */
public interface PasswordEncoder
{
    /**
     * <p>Encodes the specified raw password with an implementation specific algorithm.</p>
     * <p>This will generally be a one-way message digest such as MD5 or SHA, but may also be a plaintext
     * variant which does no encoding at all, but rather returns the same password it was fed. The latter is useful to
     * plug in when the original password must be stored as-is.</p>
     * <p>The specified salt will potentially be used by the implementation to "salt" the initial value before
     * encoding. A salt is usually a user-specific value which is added to the password before the digest is computed.
     * This means that computation of digests for common dictionary words will be different than those in the backend
     * store, because the dictionary word digests will not reflect the addition of the salt. If a per-user salt is
     * used (rather than a system-wide salt), it also means users with the same password will have different digest
     * encoded passwords in the backend store.</p>
     * <p>If a salt value is provided, the same salt value must be used when calling the {@link
     * #isPasswordValid(String, String, Object)} method. Note that a specific implementation may choose to ignore the
     * salt value (via <code>null</code>), or provide its own.</p>
     *
     * @param rawPass the password to encode
     * @param salt    optionally used by the implementation to "salt" the raw password before encoding. A
     *                <code>null</code> value is legal.
     * @return encoded password
     * @throws PasswordEncoderException if there were any issues trying to encode a password
     */
    String encodePassword(String rawPass, Object salt) throws PasswordEncoderException;

    /**
     * <p>Validates a specified "raw" password against an encoded password.</p>
     * <p>The encoded password should have previously been generated by {@link #encodePassword(String,
     * Object)}. This method will encode the <code>rawPass</code> (using the optional <code>salt</code>), and then
     * compare it with the presented <code>encPass</code>.</p>
     * <p>For a discussion of salts, please refer to {@link #encodePassword(String, Object)}.</p>
     *
     * @param encPass a pre-encoded password
     * @param rawPass a raw password to encode and compare against the pre-encoded password
     * @param salt    optionally used by the implementation to "salt" the raw password before encoding. A
     *                <code>null</code> value is legal.
     * @return true if the password is valid, false otherwise
     */
    boolean isPasswordValid(String encPass, String rawPass, Object salt);

    /**
     * The key to define this password encoder
     *
     * @return the key that defines this password encoder
     */
    String getKey();
}
```

These two interfaces are marker interfaces that will determine whether or not your plugin will appear in the password encoder dropdown list which appears when a Crowd administrator adds an LDAP-based directory or an Internal directory.
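The following is an added example, not Atlassian's code or part of the original page: a PasswordEncoder implementation that supplies its own random salt (which the Javadoc above permits), derives the hash with PBKDF2, and compares in constant time. The package, class name, key and iteration count are assumptions, and it needs Java 8 or later; to appear in the directory dropdown the class would declare the marker interface(s) described above instead of the parent interface.

```java
package com.example.crowd.encoder; // hypothetical package
import com.atlassian.crowd.password.encoder.PasswordEncoder;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

/** Added example: PBKDF2 encoder storing "iterations:salt:hash" (salt and hash in Base64). */
public class Pbkdf2PasswordEncoder implements PasswordEncoder {
    private static final int ITERATIONS = 600_000; // assumed work factor; tune for your hardware
    private final SecureRandom random = new SecureRandom();

    // The salt argument is ignored: a fresh random salt is generated and stored in the output.
    public String encodePassword(String rawPass, Object salt) {
        byte[] saltBytes = new byte[16];
        random.nextBytes(saltBytes);
        byte[] hash = derive(rawPass, saltBytes, ITERATIONS, 256);
        Base64.Encoder b64 = Base64.getEncoder();
        return ITERATIONS + ":" + b64.encodeToString(saltBytes) + ":" + b64.encodeToString(hash);
    }

    public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
        String[] parts = (encPass == null || rawPass == null) ? new String[0] : encPass.split(":");
        if (parts.length != 3) return false;
        try {
            byte[] saltBytes = Base64.getDecoder().decode(parts[1]);
            byte[] expected = Base64.getDecoder().decode(parts[2]);
            byte[] actual = derive(rawPass, saltBytes, Integer.parseInt(parts[0]), expected.length * 8);
            return MessageDigest.isEqual(expected, actual); // constant-time comparison
        } catch (IllegalArgumentException malformed) { // bad number, Base64 or key parameters
            return false;
        }
    }

    public String getKey() { return "pbkdf2-example"; } // hypothetical key

    private static byte[] derive(String rawPass, byte[] salt, int iterations, int bits) {
        PBEKeySpec spec = new PBEKeySpec(rawPass.toCharArray(), salt, iterations, bits);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("PBKDF2 derivation failed", e);
        } finally {
            spec.clearPassword(); // wipe the copy of the password held by the key spec
        }
    }
}
```

Because the iteration count and salt travel inside the encoded value, the work factor can be raised later without invalidating hashes that were stored earlier.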
Document generated by Confluence on Jul 30, 2009 01:30