Extending MappedPassword

10 views
Skip to first unread message

Cristian Vrabie

unread,
Jun 7, 2012, 5:31:57 AM6/7/12
to lif...@googlegroups.com
I recently had to implement a User class that had to have his password hashed with Apache's APR variation of MD5 . It should have been a easy job where I just override a hashing function and change the length of the salt from 16 to 8 characters. Instead I had to copy-paste the source code of MappedPassword and rewrite bits because :

1. there is no overridable function that calculates the hash from a password and salt. Instead hash("{"+value+"} salt={"+salt_i.get+"}")is used in multiple places.

2. salt_i is a private field that is not initialised from a function and is used all over the place  

For future extendibility I suggest that a hashing is done by a protected overridable method and that salt_i is either made protected or is initialised from an overridable function.

Do you think that this makes sense? If yes I'm more than happy to open a ticker and/or provide the possible implementation diff?

Cristian
Reply all
Reply to author
Forward
0 new messages