wunmiji opened a new issue, #1101: URL: https://github.com/apache/shiro/issues/1101
### Search before asking

- [X] I had searched in the [issues](https://github.com/apache/shiro/issues?q=is%3Aissue) and found no similar issues.

### Question

How can I implement SaltedAuthenticationInfo? What's wrong with the code?

shiro.ini

```
[main]
# Objects and their properties are defined here,
# Such as the securityManager, Realms and anything
# else needed to build the SecurityManager

credentialsMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
credentialsMatcher.storedCredentialsHexEncoded = false
credentialsMatcher.hashIterations = 1024

employeeRealm = NamedEmployeeRealm
employeeRealm.credentialsMatcher = $credentialsMatcher
securityManager.realms = $employeeRealm

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.sessionIdCookieEnabled = false

# -----------------------------------------------------------------------------
# Users and their (optional) assigned roles
# username = password, role1, role2, ..., roleN
# -----------------------------------------------------------------------------
[users]
# The 'users' section is for simple deployments
# when you only need a small number of statically-defined
# set of User accounts.

# -----------------------------------------------------------------------------
# Roles with assigned permissions
# roleName = perm1, perm2, ..., permN
# -----------------------------------------------------------------------------
[roles]
# The 'roles' section is for simple deployments
# when you only need a small number of statically-defined
# roles
```

EmployeeRealm

```
@Named("NamedEmployeeRealm")
@ApplicationScoped
public class EmployeeRealm extends AuthorizingRealm {

    @Inject
    AuthenticateFactory factory;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String username = token.getUsername();
        char[] passwordChar = token.getPassword();

        if (username == null) throw new AccountException("Null usernames!");
        if (passwordChar == null) throw new AccountException("Null passwords!");

        String password = new String(passwordChar);

        Object[] secret = factory.getSecret(username);
        String hashedPassword = (String) secret[1];
        String salt = (String) secret[2];

        // Return the authentication info password = 123456
        return new EmployeeSaltedAuthenticationInfo(username,
                "2R7mQYMu3OkORIEbRJY/AqvDqWvVAoFIhXMBa8dwh2o=",
                "25+ri82pdmDMrcUHpFOaCg==",
                getName());
    }
}
```

EmployeeSaltedAuthenticationInfo

```
public class EmployeeSaltedAuthenticationInfo implements SaltedAuthenticationInfo {

    private final String username;
    private final String password;
    private final String salt;
    private final String name;

    public EmployeeSaltedAuthenticationInfo(String username, String password, String salt, String name) {
        this.username = username;
        this.password = password;
        this.salt = salt;
        this.name = name;
    }

    @Override
    public ByteSource getCredentialsSalt() {
        return ByteSource.Util.bytes(Base64.decode(salt));
    }

    @Override
    public PrincipalCollection getPrincipals() {
        return new SimplePrincipalCollection(username, name);
    }

    @Override
    public Object getCredentials() {
        return password;
    }
}
```
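
Added example, not part of the original issue and not Shiro's own code: a Python sketch of the check that the `shiro.ini` above configures (salted SHA-256, 1024 iterations, Base64-stored credentials), showing that a login matches only when the stored hash, salt, iteration count and encoding all agree with how the hash was produced at registration. It assumes the matcher hashes the salt followed by the UTF-8 password once and then re-hashes the digest for the remaining iterations; the function names and sample password are constructed.

```python
import base64
import hashlib
import hmac
import os


def shiro_sha256(password: str, salt: bytes, iterations: int) -> bytes:
    """SHA-256 over salt || password, then re-hash the digest (iterations - 1) times.

    Assumption: this mirrors the salted, iterated hash the configured matcher computes.
    """
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha256(digest).digest()
    return digest


def new_record(password: str, iterations: int = 1024) -> tuple:
    """Return (stored_hash_b64, salt_b64) as they would be saved at registration."""
    salt = os.urandom(16)  # fresh random salt per account
    digest = shiro_sha256(password, salt, iterations)
    return base64.b64encode(digest).decode(), base64.b64encode(salt).decode()


def matches(submitted: str, stored: str, salt_b64: str,
            iterations: int = 1024, hex_encoded: bool = False) -> bool:
    """Check one login attempt against a stored (hash, salt) pair."""
    try:
        # hex_encoded plays the role of storedCredentialsHexEncoded in shiro.ini
        expected = (bytes.fromhex(stored) if hex_encoded
                    else base64.b64decode(stored, validate=True))
        salt = base64.b64decode(salt_b64, validate=True)
    except ValueError:
        return False  # stored value is not in the encoding the config expects
    actual = shiro_sha256(submitted, salt, iterations)
    return hmac.compare_digest(actual, expected)  # constant-time comparison


if __name__ == "__main__":
    stored, salt = new_record("constructed-sample-password")
    print("same settings:       ", matches("constructed-sample-password", stored, salt))
    print("iterations = 1:      ", matches("constructed-sample-password", stored, salt, iterations=1))
    print("expects hex encoding:", matches("constructed-sample-password", stored, salt, hex_encoded=True))
```

Hashing the candidate password with the same routine and comparing the result to the value held in the user store is a quick way to tell a configuration mismatch from a wrong stored hash.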
