Security (OpenMRS-1.7.x API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.openmrs.util
Class Security

java.lang.Object
  org.openmrs.util.Security

public class Security
extends java.lang.Object
extends java.lang.Object

OpenMRS's security class deals with the hashing of passwords.

Field Summary
`static org.apache.commons.logging.Log`	`log`

Constructor Summary
`Security()`

Method Summary
`static java.lang.String`	`encodeString(java.lang.String strToEncode)` This method will hash `strToEncode` using the preferred algorithm.
`static java.lang.String`	`getRandomToken()` This method will generate a random string
`static boolean`	`hashMatches(java.lang.String hashedPassword, java.lang.String passwordToHash)` Compare the given hash and the given string-to-hash to see if they are equal.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

log

public static org.apache.commons.logging.Log log

Constructor Detail

Security

public Security()

Method Detail

hashMatches

public static boolean hashMatches(java.lang.String hashedPassword,
                                  java.lang.String passwordToHash)

Compare the given hash and the given string-to-hash to see if they are equal. The string-to-hash is usually of the form password + salt.

This should be used so that this class can compare against the new correct hashing algorithm and the old incorrect hashin algorithm.

Parameters:: hashedPassword - a stored password that has been hashed previously; passwordToHash - a string to encode/hash and compare to hashedPassword
Returns:: true/false whether the two are equal
Since:: 1.5
Expected behavior:: match strings hashed with incorrect sha1 algorithm, match strings hashed with sha1 algorithm, match strings hashed with sha512 algorithm and 128 characters salt

encodeString

public static java.lang.String encodeString(java.lang.String strToEncode)
                                     throws APIException

This method will hash strToEncode using the preferred algorithm. Currently, OpenMRS's preferred algorithm is hard coded to be SHA-512.

Parameters:: strToEncode - string to encode
Returns:: the SHA-512 encryption of a given string
Throws:: APIException
Expected behavior:: encode strings to 128 characters

getRandomToken

public static java.lang.String getRandomToken()
                                       throws APIException

This method will generate a random string

Returns:: a secure random token.
Throws:: APIException