Commit 784e68d9 authored by God Ly's avatar God Ly Committed by it2000

OF-401 - addes sha-256 and sha-512 to JDBCAuthProvider and documentation

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@11902 b35dd754-fafc-0310-a699-88a17e54d16e
parent 2757056a
...@@ -105,10 +105,12 @@ ...@@ -105,10 +105,12 @@
<li>jdbcAuthProvider.passwordSQL -- the SQL String to select a user's password. The SQL <li>jdbcAuthProvider.passwordSQL -- the SQL String to select a user's password. The SQL
statement should contain a single "?" character, which will be dynamically replaced with statement should contain a single "?" character, which will be dynamically replaced with
a username when being executed.</li> a username when being executed.</li>
<li>jdbcAuthProvider.passwordType -- the type of the password. Valid values are "plain" (the <li>jdbcAuthProvider.passwordType -- the type of the password. Valid values are <ul><li>"plain" (the password is stored as plain text)</li>
password is stored as plain text), "md5" (the password is stored as a hex-encoded MD5 hash) <li>"md5" (the password is stored as a hex-encoded MD5 hash)</li>
and "sha1" (the password is stored as a hex-encoded SHA-1 hash). If this value is not set, <li>"sha1" (the password is stored as a hex-encoded SHA-1 hash)</li>
the password type is assumed to be plain.</li> <li>"sha256" (the password is stored as a hex-encoded SHA-256 hash)</li>
<li>"sha512" (the password is stored as a hex-encoded SHA-512 hash)</li></ul>
If this value is not set, the password type is assumed to be plain.</li>
</ul> </ul>
<p> <p>
......
...@@ -69,6 +69,8 @@ import org.slf4j.LoggerFactory; ...@@ -69,6 +69,8 @@ import org.slf4j.LoggerFactory;
* <li>{@link PasswordType#plain plain} * <li>{@link PasswordType#plain plain}
* <li>{@link PasswordType#md5 md5} * <li>{@link PasswordType#md5 md5}
* <li>{@link PasswordType#sha1 sha1} * <li>{@link PasswordType#sha1 sha1}
* <li>{@link PasswordType#sha256 sha256}
* <li>{@link PasswordType#sha512 sha512}
* </ul> * </ul>
* *
* @author David Snopek * @author David Snopek
...@@ -159,6 +161,12 @@ public class JDBCAuthProvider implements AuthProvider { ...@@ -159,6 +161,12 @@ public class JDBCAuthProvider implements AuthProvider {
else if (passwordType == PasswordType.sha1) { else if (passwordType == PasswordType.sha1) {
password = StringUtils.hash(password, "SHA-1"); password = StringUtils.hash(password, "SHA-1");
} }
else if (passwordType == PasswordType.sha256) {
password = StringUtils.hash(password, "SHA-256");
}
else if (passwordType == PasswordType.sha512) {
password = StringUtils.hash(password, "SHA-512");
}
if (!password.equals(userPassword)) { if (!password.equals(userPassword)) {
throw new UnauthorizedException(); throw new UnauthorizedException();
} }
...@@ -328,6 +336,12 @@ public class JDBCAuthProvider implements AuthProvider { ...@@ -328,6 +336,12 @@ public class JDBCAuthProvider implements AuthProvider {
else if (passwordType == PasswordType.sha1) { else if (passwordType == PasswordType.sha1) {
password = StringUtils.hash(password, "SHA-1"); password = StringUtils.hash(password, "SHA-1");
} }
else if (passwordType == PasswordType.sha256) {
password = StringUtils.hash(password, "SHA-256");
}
else if (passwordType == PasswordType.sha512) {
password = StringUtils.hash(password, "SHA-512");
}
pstmt.setString(1, password); pstmt.setString(1, password);
pstmt.executeQuery(); pstmt.executeQuery();
} }
...@@ -360,8 +374,18 @@ public class JDBCAuthProvider implements AuthProvider { ...@@ -360,8 +374,18 @@ public class JDBCAuthProvider implements AuthProvider {
/** /**
* The password is stored as a hex-encoded SHA-1 hash. * The password is stored as a hex-encoded SHA-1 hash.
*/ */
sha1; sha1,
}
/**
* The password is stored as a hex-encoded SHA-256 hash.
*/
sha256,
/**
* The password is stored as a hex-encoded SHA-512 hash.
*/
sha512;
}
/** /**
* Checks to see if the user exists; if not, a new user is created. * Checks to see if the user exists; if not, a new user is created.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment