Class BasicPasswordEncoder

  • All Implemented Interfaces:
    org.springframework.security.crypto.password.PasswordEncoder

    
    public class BasicPasswordEncoder
     implements PasswordEncoder
                        
    A compromise between BasicAuthentication and DigestAuthentication that avoids sending the plaintext password.
    The client uses the password to MD5-hash the current timestamp, then sends the timestamp and the MD5 hash instead of the password.
    
    The timestamp must be within 3 minutes of the server's time.
    
    timestamp - from 1970 in ms
    password - user password
    md5_hash = md5($timestamp + "#" + $password)
    token = $timestamp + "#" + $md5_hash
    Authorization:"Basic base64_url_safe($username + ":" + $token)"
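
The token scheme above, worked through for both sides as an added example (not the project's own code). The class and method names are hypothetical, and the lowercase-hex MD5 output, UTF-8 encoding, padded URL-safe Base64 and verifier access to the user's password are assumptions the page does not specify.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added example, not the project's code. Assumptions: lowercase-hex MD5, UTF-8,
// padded URL-safe Base64, and a verifier that can read the user's password.
public class BasicTokenExample {
    static final long MAX_SKEW_MS = 3 * 60 * 1000L; // "within 3 minutes of the server"

    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
        return String.format("%032x", new java.math.BigInteger(1, d));
    }

    // Client side: token = $timestamp + "#" + md5($timestamp + "#" + $password)
    static String token(String password, long timestampMs) throws Exception {
        return timestampMs + "#" + md5Hex(timestampMs + "#" + password);
    }

    static String header(String username, String token) {
        byte[] raw = (username + ":" + token).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getUrlEncoder().encodeToString(raw);
    }

    // Server side: reject malformed or stale tokens, then compare in constant time.
    static boolean verify(String token, String password, long serverNowMs) throws Exception {
        int sep = token.indexOf('#');
        if (sep <= 0) return false;
        long ts;
        try {
            ts = Long.parseLong(token.substring(0, sep));
        } catch (NumberFormatException e) {
            return false;
        }
        // ts < 0 is rejected first so the subtraction below cannot overflow.
        if (ts < 0 || Math.abs(serverNowMs - ts) > MAX_SKEW_MS) return false;
        byte[] expected = md5Hex(ts + "#" + password).getBytes(StandardCharsets.US_ASCII);
        byte[] supplied = token.substring(sep + 1).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, supplied);
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis();
        String pw = "constructed-sample-password"; // constructed sample value
        String t = token(pw, now);
        System.out.println(header("alice", t));
        System.out.println("fresh token:    " + verify(t, pw, now));
        System.out.println("stale token:    " + verify(t, pw, now + MAX_SKEW_MS + 1));
        System.out.println("wrong password: " + verify(t, "other-password", now));
    }
}
```

The window check bounds how long a token is accepted; it does not make a token single-use.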
    
    Since:

    2021-02-27

    Author:

    trydofor

    • Method Summary

      Modifier and Type Method Description
      String encode(CharSequence rawPassword)
      boolean matches(CharSequence rawPassword, String encodedPassword)
      • Methods inherited from interface org.springframework.security.crypto.password.PasswordEncoder

        upgradeEncoding
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait