Security (OpenMRS 1.8.5-SNAPSHOT API)

java.lang.Object
- org.openmrs.util.Security

```
public class Security
extends Object
```
OpenMRS's security class deals with the hashing of passwords.

Field Summary

Fields
Modifier and Type Field and Description

static org.apache.commons.logging.Log log

Fields
Modifier and Type	Field and Description
`static org.apache.commons.logging.Log`	`log`

Constructor Summary

Constructors
Constructor and Description

Security()

Constructors
Constructor and Description
`Security()`

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static String`	`encodeString(String strToEncode)` This method will hash `strToEncode` using the preferred algorithm.
`static String`	`getRandomToken()` This method will generate a random string
`static boolean`	`hashMatches(String hashedPassword, String passwordToHash)` Compare the given hash and the given string-to-hash to see if they are equal.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - log
```
public static org.apache.commons.logging.Log log
```
- Constructor Detail
  - Security
```
public Security()
```
- Method Detail
  - hashMatches
```
public static boolean hashMatches(String hashedPassword,
                                  String passwordToHash)
```
    Compare the given hash and the given string-to-hash to see if they are equal. The string-to-hash is usually of the form password + salt.
    
    This should be used so that this class can compare against the new correct hashing algorithm and the old incorrect hashin algorithm.
    
    Parameters:
    
    hashedPassword - a stored password that has been hashed previously
    
    passwordToHash - a string to encode/hash and compare to hashedPassword
    
    Returns:
    
    true/false whether the two are equal
    
    Since:
    
    1.5
    
    Should:
    
    match strings hashed with incorrect sha1 algorithm, match strings hashed with sha1 algorithm, match strings hashed with sha512 algorithm and 128 characters salt
  - encodeString
```
public static String encodeString(String strToEncode)
                           throws APIException
```
    This method will hash strToEncode using the preferred algorithm. Currently, OpenMRS's preferred algorithm is hard coded to be SHA-512.
    
    Parameters:
    
    strToEncode - string to encode
    
    Returns:
    
    the SHA-512 encryption of a given string
    
    Throws:
    
    APIException
    
    Should:
    
    encode strings to 128 characters
  - getRandomToken
```
public static String getRandomToken()
                             throws APIException
```
    This method will generate a random string
    
    Returns:
    
    a secure random token.
    
    Throws:
    
    APIException

Class Security

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

log

Constructor Detail

Security

Method Detail

hashMatches

encodeString

getRandomToken