
1   /************************************************************************
2    * Copyright (c) 2000-2006 The Apache Software Foundation.             *
3    * All rights reserved.                                                *
4    * ------------------------------------------------------------------- *
5    * Licensed under the Apache License, Version 2.0 (the "License"); you *
6    * may not use this file except in compliance with the License. You    *
7    * may obtain a copy of the License at:                                *
8    *                                                                     *
9    *     http://www.apache.org/licenses/LICENSE-2.0                      *
10   *                                                                     *
11   * Unless required by applicable law or agreed to in writing, software *
12   * distributed under the License is distributed on an "AS IS" BASIS,   *
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or     *
14   * implied.  See the License for the specific language governing       *
15   * permissions and limitations under the License.                      *
16   ***********************************************************************/
17  
18  package org.apache.james.userrepository;
19  
20  import org.apache.james.security.DigestUtil;
21  import org.apache.james.services.User;
22  
23  import java.io.Serializable;
24  import java.security.NoSuchAlgorithmException;
25  
26  /***
27   * Implementation of the User interface. Instances of this class do not allow
28   * the user name to be reset.
29   *
30   *
31   * @version CVS $Revision: 450935 $
32   */
33  
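public class DefaultUser implements User, Serializable {

    private static final long serialVersionUID = 5178048915868531270L;

    // Set once in the constructors; no setter is exposed.
    private String userName;
    // Digest of the password as returned by DigestUtil.digestString. Stays null
    // until setPassword is called when the two-argument constructor was used.
    // The field is not transient, so it is part of the serialized form of this
    // object: serialized copies need the same protection as the password store.
    private String hashedPassword;
    // Digest algorithm name passed to DigestUtil.digestString. It is supplied
    // by the caller and is not validated here.
    // NOTE(review): whether DigestUtil salts or iterates the digest is not
    // visible from this class - confirm before relying on hash strength.
    private String algorithm;

    /**
     * Creates a user that has no password yet.
     *
     * @param name the String name of this user
     * @param hashAlg the algorithm used to generate the hash of the password
     */
    public DefaultUser(String name, String hashAlg) {
        userName = name;
        algorithm = hashAlg;
    }

    /**
     * Constructor for repositories that are constructing user objects from
     * separate fields, e.g. databases.
     *
     * @param name the String name of this user
     * @param passwordHash the String hash of this user's current password
     * @param hashAlg the String algorithm used to generate the hash of the
     * password
     */
    public DefaultUser(String name, String passwordHash, String hashAlg) {
        userName = name;
        hashedPassword = passwordHash;
        algorithm = hashAlg;
    }

    /**
     * Accessor for the immutable name.
     *
     * @return the String of this user's name
     */
    public String getUserName() {
        return userName;
    }

    /**
     * Verifies a claimed password against the stored hash.
     *
     * A user without a stored hash (for example one created with the
     * two-argument constructor and never given a password) never verifies;
     * the method returns false instead of failing with a
     * NullPointerException.
     *
     * @param pass the String that is claimed to be the password for this user
     * @return true if the hash of pass with the current algorithm matches
     * the stored hash.
     * @throws RuntimeException if the configured algorithm is not available;
     * the NoSuchAlgorithmException is attached as the cause
     */
    public boolean verifyPassword(String pass) {
        final String hashGuess;
        try {
            hashGuess = DigestUtil.digestString(pass, algorithm);
        } catch (NoSuchAlgorithmException nsae) {
            // Keep the original exception as the cause so the stack trace is not lost.
            throw new RuntimeException("Security error: " + nsae, nsae);
        }
        return constantTimeEquals(hashedPassword, hashGuess);
    }

    /**
     * Sets new password from String. No checks made on guessability of
     * password.
     *
     * @param newPass the String that is the new password.
     * @return true if newPass was successfully hashed; this method never
     * returns false, a failure is reported by the exception below
     * @throws RuntimeException if the configured algorithm is not available;
     * the NoSuchAlgorithmException is attached as the cause
     */
    public boolean setPassword(String newPass) {
        try {
            hashedPassword = DigestUtil.digestString(newPass, algorithm);
            return true;
        } catch (NoSuchAlgorithmException nsae) {
            throw new RuntimeException("Security error: " + nsae, nsae);
        }
    }

    /**
     * Method to access hash of password.
     *
     * @return the String of the hashed password, or null if none was set
     */
    protected String getHashedPassword() {
        return hashedPassword;
    }

    /**
     * Method to access the hashing algorithm of the password.
     *
     * @return the name of the hashing algorithm used for this user's password
     */
    protected String getHashAlgorithm() {
        return algorithm;
    }

    /**
     * Compares two hash strings without stopping at the first differing
     * character, so the time taken does not depend on how many leading
     * characters match. Only the lengths influence the running time.
     *
     * @param stored the stored hash, may be null
     * @param candidate the hash of the claimed password, may be null
     * @return true only if both are non-null and equal character by character
     */
    private static boolean constantTimeEquals(String stored, String candidate) {
        if (stored == null || candidate == null) {
            return false;
        }
        int diff = stored.length() ^ candidate.length();
        final int shared = Math.min(stored.length(), candidate.length());
        for (int i = 0; i < shared; i++) {
            diff |= stored.charAt(i) ^ candidate.charAt(i);
        }
        return diff == 0;
    }

}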