
1   /****************************************************************
2    * Licensed to the Apache Software Foundation (ASF) under one   *
3    * or more contributor license agreements.  See the NOTICE file *
4    * distributed with this work for additional information        *
5    * regarding copyright ownership.  The ASF licenses this file   *
6    * to you under the Apache License, Version 2.0 (the            *
7    * "License"); you may not use this file except in compliance   *
8    * with the License.  You may obtain a copy of the License at   *
9    *                                                              *
10   *   http://www.apache.org/licenses/LICENSE-2.0                 *
11   *                                                              *
12   * Unless required by applicable law or agreed to in writing,   *
13   * software distributed under the License is distributed on an  *
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY       *
15   * KIND, either express or implied.  See the License for the    *
16   * specific language governing permissions and limitations      *
17   * under the License.                                           *
18   ****************************************************************/
19  
20  package org.apache.james.jcr;
21  
22  import org.apache.jackrabbit.util.Text;
23  import org.apache.james.api.user.User;
24  
25  /**
26   * User backed by JCR data. 
27   * Differs from standard James by improved hash.
28   * TODO: think about improving DefaultUser.
29   */
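class JCRUser implements User {

    /**
     * Static salt for hashing password.
     * Modifying this value will render all passwords unrecognizable.
     */
    public static final String SALT = "JCRUsersRepository";

    /**
     * Hashes a password, salted with the user name and the static {@link #SALT}.
     *
     * <p>The result is {@code md5(md5(username + password) + SALT)}, computed with
     * Jackrabbit's {@code Text.md5}. The scheme is kept as-is because changing it
     * would invalidate every stored hash.
     *
     * <p>NOTE(security): MD5 is a fast general-purpose digest and is not suitable
     * for password storage. The only per-user salt is the user name, which is
     * predictable, and {@link #SALT} is a constant shared by all installations.
     * Prefer a dedicated password-hashing scheme (bcrypt, scrypt, Argon2 or PBKDF2)
     * with a random per-user salt, and plan a migration that re-hashes on the next
     * successful login.
     *
     * <p>NOTE(security): {@code username} and {@code password} are concatenated
     * without a separator, so distinct (user name, password) pairs can produce the
     * same input string and therefore the same hash.
     *
     * @param username not null
     * @param password not null
     * @return not null
     */
    public static String hashPassword(String username, String password) {
        // Inner round: dynamic salt (user name) + password; outer round: static salt.
        return Text.md5(Text.md5(username + password) + SALT);
    }

    /**
     * Compares two strings without stopping at the first differing character, so
     * the time taken does not depend on where the first mismatch occurs.
     *
     * @param expected stored value, not null
     * @param actual freshly computed value, not null
     * @return true when both strings have the same length and content
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected.length() != actual.length()) {
            return false;
        }
        int difference = 0;
        for (int i = 0; i < expected.length(); i++) {
            difference |= expected.charAt(i) ^ actual.charAt(i);
        }
        return difference == 0;
    }

    private final String userName;
    private String hashedSaltedPassword;

    /**
     * Creates a user from stored values.
     *
     * @param userName name of the user, also used as the dynamic salt
     * @param hashedSaltedPassword stored hash; presumably produced by
     *        {@link #hashPassword(String, String)} (not checked here)
     */
    public JCRUser(final String userName, String hashedSaltedPassword) {
        this.userName = userName;
        this.hashedSaltedPassword = hashedSaltedPassword;
    }

    /**
     * Gets the user name.
     * @return the user name given at construction
     */
    public String getUserName() {
        return userName;
    }

    /**
     * Gets salted, hashed password.
     * @return the hashedSaltedPassword
     */
    public final String getHashedSaltedPassword() {
        return hashedSaltedPassword;
    }

    /**
     * Replaces the stored hash with the hash of a new password.
     *
     * @param newPass new clear-text password
     * @return false when {@code newPass} is null (the stored hash is left
     *         unchanged), true otherwise
     */
    public boolean setPassword(String newPass) {
        if (newPass == null) {
            return false;
        }
        hashedSaltedPassword = hashPassword(userName, newPass);
        return true;
    }

    /**
     * Checks a clear-text password against the stored hash.
     *
     * @param pass candidate clear-text password
     * @return true when the hash of {@code pass} matches the stored hash; false
     *         when it does not, when {@code pass} is null, or when no hash is stored
     */
    public boolean verifyPassword(String pass) {
        if (pass == null || hashedSaltedPassword == null) {
            return false;
        }
        // Compare by content: the previous reference comparison (==) only matched
        // when both sides were the very same String object, so a correct password
        // was rejected whenever the stored hash came from the repository.
        return constantTimeEquals(hashedSaltedPassword, hashPassword(userName, pass));
    }
}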