[
https://issues.apache.org/jira/browse/SHIRO-277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13056897#comment-13056897
]
Phil Steitz commented on SHIRO-277:
-----------------------------------
I am working on a patch for this and have a couple of questions.
First, the API for adding salt support. Here is one way to do it:
Add
protected byte[] getSaltForUser(String username)
and have the default implementation query the database using
protected String userSaltQuery = DEFAULT_USER_SALT_QUERY;
Exposing getSaltForUser enables users to override it with whatever
salt-generation scheme they choose.
Sound OK?
Second, I noticed that there are no tests for JdbcRealm. In developing a test
class, we need to decide how to create or simulate the realm database. Here
are some options:
0) I see EasyMock is already used elsewhere, but that might be a little ugly /
hard to follow.
1) derby
2) hsqldb
3) grab DBCP's Tester* classes
4) something else?
I would personally favor 1) or 2) but will use EasyMock (or whatever else) if
we don't want to add any more test dependencies.
> JdbcRealm needs to be refactored
> --------------------------------
>
> Key: SHIRO-277
> URL: https://issues.apache.org/jira/browse/SHIRO-277
> Project: Shiro
> Issue Type: Improvement
> Components: Realms
> Affects Versions: 1.1.0
> Reporter: Ilya Pyatigorskiy
> Fix For: 1.2.0
>
>
> There are at least 2 obvious problems:
> 1) the javadoc for JdbcRealm.setPermissionsQuery suggests that the query is
> expected to have 3 columns ("containing the fully qualified name of the
> permission class, the permission name, and the permission actions (in that
> order)"), but the code actually looks only for 1 - permission actions on
> index 0
> 2) it doesn't support salt - checks only for password matching
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
