Package org.opends.server.extensions
Class ClearPasswordStorageScheme
- java.lang.Object
-
- org.opends.server.api.PasswordStorageScheme<ClearPasswordStorageSchemeCfg>
-
- org.opends.server.extensions.ClearPasswordStorageScheme
-
public final class ClearPasswordStorageScheme extends PasswordStorageScheme<ClearPasswordStorageSchemeCfg>
This class defines a Directory Server password storage scheme that will store the values in clear-text with no encoding at all. This is not at all secure but may be required for backward-compatibility and support for certain legacy applications.
-
-
Constructor Summary
Constructors Constructor Description ClearPasswordStorageScheme()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description ByteString
encodePassword(ByteString plaintext)
Encodes the provided plaintext password for this storage scheme, without the name of the associated scheme.ByteString
getPlaintextValue(ByteString storedPassword)
Retrieves the original plaintext value for the provided stored password.String
getStorageSchemeName()
Retrieves the name of the password storage scheme provided by this handler.void
initializePasswordStorageScheme(ClearPasswordStorageSchemeCfg configuration, ServerContext serverContext)
Initializes this password storage scheme handler based on the information in the provided configuration entry.boolean
isReversible()
Indicates whether this storage scheme is reversible (i.e., it is possible to obtain the original plaintext value from the stored password).boolean
isStorageSchemeSecure()
Indicates whether this password storage scheme should be considered "secure".boolean
passwordMatches(ByteString plaintextPassword, ByteString storedPassword)
Indicates whether the provided plaintext password included in a bind request matches the given stored value.-
Methods inherited from class org.opends.server.api.PasswordStorageScheme
authPasswordMatches, destroySilently, encodeAuthPassword, encodePasswordWithScheme, finalizePasswordStorageScheme, getAuthPasswordPlaintextValue, getAuthPasswordSchemeName, isConfigurationAcceptable, isRehashNeeded, supportsAuthPasswordSyntax
-
-
-
-
Method Detail
-
initializePasswordStorageScheme
public void initializePasswordStorageScheme(ClearPasswordStorageSchemeCfg configuration, ServerContext serverContext)
Description copied from class:PasswordStorageScheme
Initializes this password storage scheme handler based on the information in the provided configuration entry. It should also register itself with the Directory Server for the particular storage scheme that it will manage.- Specified by:
initializePasswordStorageScheme
in classPasswordStorageScheme<ClearPasswordStorageSchemeCfg>
- Parameters:
configuration
- The configuration entry that contains the information to use to initialize this password storage scheme handler.serverContext
- The server context
-
getStorageSchemeName
public String getStorageSchemeName()
Description copied from class:PasswordStorageScheme
Retrieves the name of the password storage scheme provided by this handler.- Specified by:
getStorageSchemeName
in classPasswordStorageScheme<ClearPasswordStorageSchemeCfg>
- Returns:
- The name of the password storage scheme provided by this handler.
-
encodePassword
public ByteString encodePassword(ByteString plaintext)
Description copied from class:PasswordStorageScheme
Encodes the provided plaintext password for this storage scheme, without the name of the associated scheme. Note that the provided plaintext password should not be altered in any way.- Specified by:
encodePassword
in classPasswordStorageScheme<ClearPasswordStorageSchemeCfg>
- Parameters:
plaintext
- The plaintext version of the password.- Returns:
- The password that has been encoded using this storage scheme.
-
passwordMatches
public boolean passwordMatches(ByteString plaintextPassword, ByteString storedPassword)
Description copied from class:PasswordStorageScheme
Indicates whether the provided plaintext password included in a bind request matches the given stored value. The provided stored value should not include the scheme name in curly braces.- Specified by:
passwordMatches
in classPasswordStorageScheme<ClearPasswordStorageSchemeCfg>
- Parameters:
plaintextPassword
- The plaintext password provided by the user as part of a simple bind attempt.storedPassword
- The stored password to compare against the provided plaintext password.- Returns:
true
if the provided plaintext password matches the provided stored password, orfalse
if not.
-
isReversible
public boolean isReversible()
Description copied from class:PasswordStorageScheme
Indicates whether this storage scheme is reversible (i.e., it is possible to obtain the original plaintext value from the stored password).- Overrides:
isReversible
in classPasswordStorageScheme<ClearPasswordStorageSchemeCfg>
- Returns:
true
if this is a reversible password storage scheme, orfalse
if it is not.
-
getPlaintextValue
public ByteString getPlaintextValue(ByteString storedPassword)
Description copied from class:PasswordStorageScheme
Retrieves the original plaintext value for the provided stored password. Note that this should only be called ifisReversible
returnstrue
.- Overrides:
getPlaintextValue
in classPasswordStorageScheme<ClearPasswordStorageSchemeCfg>
- Parameters:
storedPassword
- The password for which to obtain the plaintext value. It should not include the scheme name in curly braces.- Returns:
- The plaintext value for the provided stored password.
-
isStorageSchemeSecure
public boolean isStorageSchemeSecure()
Description copied from class:PasswordStorageScheme
Indicates whether this password storage scheme should be considered "secure". If the encoding used for this scheme does not obscure the value at all, or if it uses a method that is trivial to reverse (e.g., base64), then it should not be considered secure.
This may be used to determine whether a password may be included in a set of search results, including the possibility of overriding access controls in the case that access controls would allow the password to be returned but the password is considered too insecure to reveal.- Specified by:
isStorageSchemeSecure
in classPasswordStorageScheme<ClearPasswordStorageSchemeCfg>
- Returns:
false
if it may be trivial to discover the original plain-text password from the encoded form, ortrue
if the scheme offers sufficient protection that revealing the encoded password will not easily reveal the corresponding plain-text value.
-
-