I'm interesting in trying it out when I have some free time to mess around with
it.
Need to see what's going to be new, but I'm hoping it's going to be great, and
as you said work well with Shiro 1.2.3.
> Date: Sun, 14 Sep 2014 02:42:57 -0700
> From: p...@pholding.co.uk
> To: user@shiro.apache.
As I mentioned I have added both the Shiro-all, and shiro-ehcache.jar. I am
using netbeans IDE, so that normally deals with all the configs and such I
need. Every other extension jar works this way, so I doubt it's something
wrong with that... I could include the Manifest if you want.
So aga
I will remember this when doing this for the web portion, so thank you!
Date: Tue, 16 Sep 2014 20:30:22 -0300
Subject: Re: EhCache.jar included but getting java.lang.ClassNotFoundException:
net.sf.ehcache.CacheException
From: kotogadek...@gmail.com
To: user@shiro.apache.org
Oh. If you are using
Thanks so it will work with Shiro? I'm surprised shiro doesn't have nything
for this...
> Date: Wed, 17 Sep 2014 01:16:49 -0700
> From: dominicf...@gmail.com
> To: user@shiro.apache.org
> Subject: Re: SHA-256/SHA-512 not secure enough for passwords?
>
> bcrypt is very easy and very secure.
>
>
I was curious if we will be getting better hashing algorithms? I'm new to
Cryptography and such, but I was reading somethng last nigth saying that SHA
isn't really secure for passing and we should be using either bcrypt, scrypt,
or PK2BK?
Someone made a post about spring security and bcrpyt, b
financial data is
involved, or other sensitive data, look to bcrypt
As for using spring security bcrypt, it was meant as an example of simple
abstraction. You could use bcrypt directly. Or port it to a Shiro abstraction.
d
On 17 Sep 2014 22:33, "Konrad Zuse" wrote:
I was curi
"Authenticated" means the user has logged in. Remember me only works with
"User" and not "Authenticated" YOu can still run your application by using
them as a user. IT is possible to check to see if they are a user and then
authenticate them, based on previously known data, which means you wu
ore sensitive or more prized data then move on to bcrypt.
good luck-d
On 18 September 2014 00:04, Konrad Zuse wrote:
It's not paranoia more so than what I have been reading, where people say that
SHA shold never be used for passwords... As I said I'm new to
cryptography, so I&
First off I want to say that the sha256credentialsmatcher isn't used anymore,
and you should look at passwordService and PasswordMatcher.
Next I want to say that RememberMe requires a cookie on the web, but not too
sure about ewhat's fully needed for a client application. I would search for
re
I don't think we used HashedCredentialsMatcher anymore,
From: alessio.sta...@manydesigns.com
Date: Wed, 29 Oct 2014 15:26:12 +0100
Subject: Re: Configuring Shiro Programatically
To: user@shiro.apache.org
You're probably missing a LifecycleUtils.init(realm);
Log lines come from AuthenticatingRea
Sorry, ignore my last reply, was in the middle of typing it and was goin g to
finish it later since I didn't have time and clicked send... sorry all again >(
You should, however, be using "passwordservice" and passwordmanager
I don't have much time now, so I will reply again later with some cod
ver, the log messages indicate that it's trying to load a class
with that name?? My database should be setup properly, with a table 'users'
and columns 'password', 'password_salt', and 'username'.
-Robert Middleton
On Wed, Oct 29, 2014 at 2:35 PM, Konr
f72... value is the hashed password, so shiro is reading from the database
properly. However, the log messages indicate that it's trying to load a class
with that name?? My database should be setup properly, with a table 'users'
and columns 'password', 'password
cked. It works fine
as long as the database column is in the $shiro1 format.
-Robert Middleton
On Wed, Oct 29, 2014 at 6:07 PM, Konrad Zuse wrote:
This is my code, granted I will say I have not personally tested it, but I
helped another buddy finish his project so I believe this should
if needed, I was just surprised that the first way of storing the
passwords didn't work.
-Robert Middleton
On Thu, Oct 30, 2014 at 1:13 PM, Konrad Zuse wrote:
Set the salt and stuff via java, and then retrieve with your shiro.ini info.
Date: Thu, 30 Oct 2014 13:06:13 -0400
Subject: Re: Co
Hello all,
>From this link http://shiro.apache.org/configuration.html
Creating a SecurityManager from INIHere are two examples of how to build a
SecurityManager based on INI configuration.SecurityManager from an INI
resourceWe can create the SecurityManager instance from an INI resource path.
ou sure you build tool is setting up your class path correctly?
-Brian
On Nov 8, 2014, at 4:32 PM, Konrad Zuse wrote:
Hello all,
>From this link http://shiro.apache.org/configuration.html
Creating a SecurityManager from INIHere are two examples of how to build a
Nice nice!!! I would talk to Lez about OAuth in Shiro 2.0. I believe there
was mention about it, but I believe that it's good to talk to the boss and see
what's going on. I'm excited for Shiro 2.0 when it's ready!
> Date: Tue, 25 Nov 2014 23:48:51 -0700
> From: lel...@gmail.com
> To: user@shi
There's a ton of work that needs to be on the tutorials and documentation. My
suggestion is that you should check out Stack Overflow questions and such for
answers.
One example is that the docs talk about SHA256Hasher and such for PW hashing,
but now we use PasswordService and PasswordMatcher.
Thanks for the help.
I tried placing it in the default (which I'm assuming is the root?) and
nothing, I will try this conf/ business. I have it in another package, so I
will try to see if the / will work. I tried to do classpath:conf.shiro.ini as
that's what we normally do when referencing a
Why can't you just use the "guest" tag to perform your needed operations?
Could you give an example of why you would need to give them a permission? To
me, you're only trying to check if one user is this or that based on id,
permission, role, etc.
Date: Wed, 11 Feb 2015 01:14:17 -0500
Subj
1.2.4??? What's going on with the 2.0 branch? We were told Late 2014, more
likely Q1 of 2015, but lookingmore at Q3???
Date: Mon, 6 Jul 2015 21:45:50 -0700
Subject: Re: Is shiro still a good choice (JSF+CDI-JAX-WS ejb)
From: kalle.o.korho...@gmail.com
To: user@shiro.apache.org
On Mon, Jul 6,
l.com
To: user@shiro.apache.org
On Tue, Jul 7, 2015 at 3:03 PM, Konrad Zuse wrote:
1.2.4??? What's going on with the 2.0 branch? We were told Late 2014, more
likely Q1 of 2015, but lookingmore at Q3???
2.0 branch is active. There's no fixed timetable but what sort of functio
Hopefully it gets finished soon. I know it was originally looked at for Q4 14
or Q1 15, but hopefully Q3 is where it comes out :)
From: Les Hazlewood
Sent: Friday, August 28, 2015 4:20 PM
To: user@shiro.apache.org
Subject: Re: Shiro 2.0 source code?
It is main
Testing... I'm curious if anyone has been having issues with Nabble
redirecting you to a site called "super-resume?" I'm a bit annoyed that
randomly I will get the page I want in a new tab, and then this redirect in the
original tab. Who has control of the Nabble forum? Is this something on
A friend of mine tried registering but is having issues getting on the mailing
list, so I am going to try posting for them.
---
Hello
I am a bit confused on the paradigm on how we are supposed to work our
Thanks for the information, I appreciate your time as does my friend.
That's interesting you don't need a JSP page, I thought that was needed in
order to work with Shiro, but I guess that's just normal if you're going to
make a JAva application with Shiro.
I believe his Desktop Client is JAva
Sorry for the double email, but hit reply too fast. I was looking at your
comment about "not sending" the Subject, but isn't the Subject created based on
the user's machine? It seems that when you get the security info and then
getSubject that it will get a Subject fo the current machine. Is
>The original developer (Lez Hazelwood) went with what he knew best, which was
the Spring Framework which uses JSP pages as far as I know for web
development. But as long as the resulting HTTP request is the same it does
not matter whether that request was generated by JSP, naked HTML5, node.js,
Py
I'm not sure why that last message sent when I was adjusting font size...
I guess these double emails continue
>It is not the Subject, but the SecurityManager which is based on the machine.
So, the result of subject.isAuthenticated() on one machine can differ from
subject.isAuthenticated
Firstly, I want to say thanks again so much for all of the time/effort putting
into answering my questions, I appreciate it very much.
Second, I want to apologize for not getting back to you in almost 2 weeks.
Recently a family member became extremely ill, so I haven't been able to get to
a c
Thanks for the information. I understand that Shiro is not initialized on the
client, I think I am just not wording my question well, so sorry about that.
Essentially I want to know how to access the ini and Shiro properties from my
servlet in response to a request from the desktop-client. As
I'm sorry, I was just very confused overall, and my explanations weren't all
that good in the end.
Essentially, what I read in the docs and what I was using on the Client
originally, is that you have the ini file setup in some folder and then call it
in Java code by creating a factory and then
I'm really sorry it took me awhile to get back to you, I greatly appreciate
your time and patience with my questions.
I tried to do /** = authc and got an issue where my Status code changed from a
200 OK to a 302 "FOUND" but I couldn't log in with the changes.
I am able to log in just fine us
Thanks for the info.
Yeah, I don't know what's up, but I just get the 302 "FOUND" status code, do
you have any idea why that would be? I will try to find out what gets passed
down, or see if there is some sort of error, but it seems to not pass any error
since it is "FOUND"| just not sure why
35 matches
Mail list logo
