Fish & Chips Club 4.10.0.0
Object hirondelle.fish.access.user.User
public final class User
User for the Fish and Chips Club.
When first added, the User has a fixed, inconvenient password, which they are encouraged to change. This is not enforced by the application, however.
The password is "hashed". A one-way hash function ensures the password is NOT stored in cleartext. When the container enforces a security-constraint defined in web.xml, the container must be instructed to call the exact same hash function (SHA-1), in order to match the database.
Performing the hash here, instead of in the database, provides independence from database implementations of hash functions (or lack thereof).
Note that a one-way hash function is used here, NOT an encryption function: encrypted items are ultimately intended for decryption. Here, no decryption is ever attempted. In fact, the whole point of using a hash function is that it is nearly impossible to deduce the password from the hashed value itself.
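An added example (not code from the Fish & Chips Club project) of the application-side SHA-1 hash described above, showing why the container must apply exactly the same function and text form for a login to match the stored value. The lowercase hex encoding, the UTF-8 charset, and the names PasswordHashDemo, sha1Hex and matchesStored are assumptions; the page states only that SHA-1 is used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

/** Added illustration only; hypothetical class, not part of hirondelle.fish. */
public final class PasswordHashDemo {

  /** SHA-1 of the cleartext as lowercase hex (encoding and charset are assumptions). */
  static String sha1Hex(String aClearText) {
    try {
      MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
      byte[] digest = sha1.digest(aClearText.getBytes(StandardCharsets.UTF_8));
      StringBuilder hex = new StringBuilder(digest.length * 2);
      for (byte b : digest) {
        hex.append(String.format("%02x", b));
      }
      return hex.toString(); // 40 characters, inside the 6..50 limit on the hashed password
    } catch (NoSuchAlgorithmException ex) {
      throw new IllegalStateException("SHA-1 is required on every Java platform", ex);
    }
  }

  /** Hash the password offered at login and compare it with the stored hash. */
  static boolean matchesStored(String aStoredHash, String aLoginPassword) {
    byte[] stored = aStoredHash.getBytes(StandardCharsets.US_ASCII);
    byte[] offered = sha1Hex(aLoginPassword).getBytes(StandardCharsets.US_ASCII);
    return MessageDigest.isEqual(stored, offered); // comparison time does not depend on content
  }

  public static void main(String... aArgs) {
    String password = "constructed-sample-password"; // constructed sample value
    String stored = sha1Hex(password);               // what the application would store
    System.out.println("stored hash            : " + stored);
    System.out.println("same function          : " + matchesStored(stored, password));
    System.out.println("wrong password         : " + matchesStored(stored, password + "x"));
    // Same algorithm, but the stored text is in a different form (uppercase hex):
    // the correct password no longer matches, which is the mismatch the class
    // description warns about between application and container.
    String upper = stored.toUpperCase(Locale.ROOT);
    System.out.println("uppercase hex in table : " + matchesStored(upper, password));
  }
}
```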
Constructor Summary |
---|
User(SafeText aName, SafeText aHashedPassword): Constructor taking a password that is already hashed. |

Method Summary | |
---|---|
boolean | equals(Object aThat) |
static User | forNewUserOrPasswordReset(SafeText aName): Factory method for a new User, with a fixed, initial password. |
static User | forPasswordChange(SafeText aName, SafeText aClearTextPassword): Factory method for a new User, reflecting a new password. |
SafeText | getName(): Return the user name passed to the constructor. |
SafeText | getPassword(): Return the hashed password (never cleartext). |
int | hashCode() |
boolean | isResetValue(): Return true only if the password matches the initial, reset value. |
String | toString(): Intended for debugging only. |
Methods inherited from class Object |
---|
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Constructor Detail |
---|
public User(SafeText aName, SafeText aHashedPassword) throws ModelCtorException
This constructor is used when retrieving from the database, where passwords are already stored in a hashed form.
Parameters:
aName - user name (required), 6..50 characters, no spaces.
aHashedPassword - hashed user password (required), 6..50 characters, no spaces, and never the same as the user name.
Throws:
ModelCtorException
Method Detail |
---|
public static User forNewUserOrPasswordReset(SafeText aName) throws ModelCtorException
Factory method for a new User, with a fixed, initial password.
In this implementation, the initial password is very long, and thus inconvenient to use. New users are encouraged to change it immediately, upon first use. This is not enforced, however.
Throws:
ModelCtorException
public static User forPasswordChange(SafeText aName, SafeText aClearTextPassword) throws ModelCtorException
Factory method for a new User, reflecting a new password.
The arguments must pass the same constraints as User(SafeText, SafeText).
Throws:
ModelCtorException
public SafeText getName()
public SafeText getPassword()
public boolean isResetValue()
Passwords which match the initial, reset value should be changed by the end user.
public String toString()
Overrides: toString in class Object
public boolean equals(Object aThat)
Overrides: equals in class Object
public int hashCode()
Overrides: hashCode in class Object