Class PasswordService

All Implemented Interfaces: AbstractPasswordService

public class PasswordService
extends java.lang.Object
implements AbstractPasswordService

Password authentication service.

This class implements password authentication.

Like all service classes, this class holds only configuration state. Thus, once configured, it can be safely shared between multiple sessions since its state (the configuration) is read-only.

Passwords are (usually) saved in the database using salted hash functions. The process of computing new hashes and verifying them is delegated to a PasswordService.AbstractVerifier.

The authentication class may be configured to enable password attempt throttling. This provides protection against brute-force guessing of passwords. When throttling is enabled, new password attempts are refused until the throttling period is finished.
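
The two mechanisms described above (salted hashing and attempt throttling), as a stand-alone example added here using only the JDK (Java 16+); it is not this library's code and does not use its API. The class name, the PBKDF2 parameters and the throttling policy (5 seconds after three failures) are assumptions chosen for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical demo class; one instance stands for one user's attempt state.
public class SaltedPasswordDemo {
    static final int ITERATIONS = 210_000, KEY_BITS = 256; // assumed work factor

    record Stored(byte[] salt, byte[] hash) {}   // what the database would keep
    enum Result { OK, WRONG, THROTTLED }

    private int failedLogins = 0;        // per-user state, not service configuration
    private long lastAttemptMillis = 0;

    static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                               .generateSecret(spec).getEncoded();
    }

    // Computing a new hash: a fresh random salt for every password.
    static Stored hashNew(char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new Stored(salt, pbkdf2(password, salt));
    }

    // Assumed policy: no delay for the first three failures, then 5 s between attempts.
    long throttleMillis() { return failedLogins < 3 ? 0 : 5_000; }

    Result verify(char[] candidate, Stored stored, long nowMillis) throws Exception {
        if (nowMillis - lastAttemptMillis < throttleMillis())
            return Result.THROTTLED;     // refused outright: the password is not checked
        lastAttemptMillis = nowMillis;
        // Re-hash with the stored salt and compare in constant time.
        boolean ok = MessageDigest.isEqual(pbkdf2(candidate, stored.salt()), stored.hash());
        failedLogins = ok ? 0 : failedLogins + 1;
        return ok ? Result.OK : Result.WRONG;
    }

    public static void main(String[] args) throws Exception {
        Stored stored = hashNew("correct horse".toCharArray()); // constructed sample password
        SaltedPasswordDemo user = new SaltedPasswordDemo();
        long t = 1_000_000;                                     // simulated clock, in ms
        for (int i = 0; i < 3; i++)                             // three wrong guesses
            System.out.println(user.verify("guess".toCharArray(), stored, t += 10));
        // Right password 10 ms after the third failure, then again after the period.
        System.out.println(user.verify("correct horse".toCharArray(), stored, t += 10));
        System.out.println(user.verify("correct horse".toCharArray(), stored, t += 5_000));
    }
}
```

During the throttling period even the correct password is refused, so a guesser learns nothing from attempts made inside the window.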

Password strength validation of a new user-chosen password may be implemented by setting an AbstractStrengthValidator.