Package ome.security.auth

Class PasswordUtil

  • public class PasswordUtil
extends java.lang.Object
    Static methods for dealing with password hashes and the "password" table. Used primarily by AdminImpl
    Since:
    3.0-Beta1
    See Also:
    SecuritySystem, AdminImpl

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  PasswordUtil.METHOD  

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String DEFAULT_ENCODING
      The default encoding for converting plain text passwords to byte arrays (UTF-8)

    • Constructor Summary

      Constructors 
      Constructor Description
      PasswordUtil​(ome.util.SqlAction sql)  
      PasswordUtil​(ome.util.SqlAction sql, boolean passwordRequired)  
      PasswordUtil​(ome.util.SqlAction sql, boolean passwordRequired, java.nio.charset.Charset encoding)  
      PasswordUtil​(ome.util.SqlAction sql, java.nio.charset.Charset encoding)  
      PasswordUtil​(ome.util.SqlAction sql, ome.system.Roles roles, boolean passwordRequired)  
      PasswordUtil​(ome.util.SqlAction sql, ome.system.Roles roles, boolean passwordRequired, java.nio.charset.Charset encoding)  

    • Field Detail

      • DEFAULT_ENCODING

        public static final java.lang.String DEFAULT_ENCODING
        The default encoding for converting plain text passwords to byte arrays (UTF-8)
        See Also:
        Constant Field Values

    • Constructor Detail

      • PasswordUtil

        public PasswordUtil​(ome.util.SqlAction sql)

      • PasswordUtil

        public PasswordUtil​(ome.util.SqlAction sql,
                    boolean passwordRequired)

      • PasswordUtil

        public PasswordUtil​(ome.util.SqlAction sql,
                    java.nio.charset.Charset encoding)

      • PasswordUtil

        public PasswordUtil​(ome.util.SqlAction sql,
                    boolean passwordRequired,
                    java.nio.charset.Charset encoding)

      • PasswordUtil

        public PasswordUtil​(ome.util.SqlAction sql,
                    ome.system.Roles roles,
                    boolean passwordRequired)

      • PasswordUtil

        public PasswordUtil​(ome.util.SqlAction sql,
                    ome.system.Roles roles,
                    boolean passwordRequired,
                    java.nio.charset.Charset encoding)

    • Method Detail

      • setQueryService

        public void setQueryService​(ome.api.IQuery iQuery)

      • main

        public static void main​(java.lang.String[] args)
        Main method which takes exactly one argument, passes it to preparePassword(String) and prints the results on System.out. This is used by the build system to define the "@ROOTPASS@" placeholder in data.sql.
        Parameters:
        args - the command-line arguments

      • generateRandomPasswd

        public java.lang.String generateRandomPasswd()

      • getDnById

        public boolean getDnById​(java.lang.Long id)

      • changeUserPasswordById

        public void changeUserPasswordById​(java.lang.Long id,
                                   java.lang.String password)
        Calls changeUserPasswordById(Long, String, METHOD) with "false" as the value of the salt argument in order to provide backwards compatibility.
        Parameters:
        id - the user ID
        password - the password

      • changeUserPasswordById

        public void changeUserPasswordById​(java.lang.Long id,
                                   java.lang.String password,
                                   PasswordUtil.METHOD meth)
        Calls either preparePassword(String) or prepareSaltedPassword(Long, String) and passes the resulting value to SqlAction.setUserPassword(Long, String). An InternalException is thrown if the modification is not successful, which should only occur if the user has been deleted.
        Parameters:
        id - the user ID
        password - the password
        meth - how to encode the password

      • getUserPasswordHash

        public java.lang.String getUserPasswordHash​(java.lang.Long id)

      • userId

        public java.lang.Long userId​(java.lang.String name)
        Get the user's ID
        Parameters:
        name - the user's name
        Returns:
        their ID, or null if they cannot be found

      • userName

        public java.lang.String userName​(long id)
        Get the user's name
        Parameters:
        id - the user's ID
        Returns:
        their name, or null if they cannot be found

      • userGroups

        public java.util.List<java.lang.String> userGroups​(java.lang.String name)

      • preparePassword

        public java.lang.String preparePassword​(java.lang.String newPassword)

      • prepareSaltedPassword

        public java.lang.String prepareSaltedPassword​(java.lang.Long userId,
                                              java.lang.String newPassword)

      • preparePassword

        protected java.lang.String preparePassword​(java.lang.Long userId,
                                           java.lang.String newPassword,
                                           boolean salt)

      • passwordDigest

        public java.lang.String passwordDigest​(java.lang.String clearText)
        Creates an MD5 hash of the given clear text and base64 encodes it.
        Parameters:
        clearText - the cleartext of the password
        Returns:
        the password hash

      • saltedPasswordDigest

        public java.lang.String saltedPasswordDigest​(java.lang.Long userId,
                                             java.lang.String clearText)
        Creates an MD5 hash of the given clear text and base64 encodes it. If the provided userId argument is not null, then it will be used as a salt value for the password.
        Parameters:
        userId - the user's ID, may be null
        clearText - the cleartext of the password
        Returns:
        the password hash

      • passwordDigest

        protected java.lang.String passwordDigest​(java.lang.Long userId,
                                          java.lang.String clearText,
                                          boolean salt)

      • isPasswordRequired

        public boolean isPasswordRequired​(java.lang.Long id)
        Returns a boolean based on the supplied user ID and system property setting. Returns false for the guest user, true for administrators, otherwise matches the setting of omero.security.password_required.
        Parameters:
        id - The user ID.
        Returns:
        boolean true or false