LoginInfo.java

package com.mastfrog.acteur.cookie.auth;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.mastfrog.util.Checks;
import java.util.Random;
import org.netbeans.validation.api.InvalidInputException;
import org.netbeans.validation.api.Problems;

/**
 * User credentials sent in an HTTP request body to log in. Note: The password
 * returning method can be called exactly <i>once</i> - it overwrites the
 * original value with garbage upon being called.. Two properties must be
 * present in the JSON:
 * <ul>
 * <li><code>user</code> decodable as a <code>String</code>
 * <li><code>password</code> decodable as a <code>char[]</code>
 * </ul>
 * Other properties may be present but will be ignored.
 *
 * @author Tim Boudreau
 */
@JsonIgnoreProperties(ignoreUnknown = true)
public class LoginInfo {

    private final String user;
    private final char[] password;
    private static final Random random = new Random();

    @JsonCreator
    public LoginInfo(@JsonProperty("user") String user, @JsonProperty("password") char[] password) {
        Checks.notNull("user", user);
        Checks.notNull("password", password);
        if (password.length == 0) {
            throw new InvalidInputException(new Problems().append("Zero length password"));
        }
        this.user = user;
        this.password = password;
    }

    String user() {
        return user;
    }

    synchronized char[] getPassword() {
        char[] result = new char[password.length];
        System.arraycopy(password, 0, result, 0, result.length);
        for (int i = 0; i < password.length; i++) {
            password[i] = (char) random.nextInt();
        }
        return result;
    }
}