Don't forget there are a number of common CredentialsMatcher implementations that might suit your needs, supporting MD2, MD5, SHA-1, SHA-256, SHA-312, and SHA-512 hashing.
If these won't work and you have to write your own, you might consider subclassing the org.apache.shiro.authc.credential.SimpleCredentialsMatcher to simplify your implementation. Cheers, Les On Fri, Aug 21, 2009 at 9:23 AM, Andy Tripp<[email protected]> wrote: > If you have your own AuthenticationRealm already, you can just add this > to its constructor: > setCredentialsMatcher(new MyCredentialsMatcher()); > > or you could do it in the config: > # you already have your own realm specified: > myrealm = com.whatever.MyAuthenticationRealm > # this will get translated into a setCredentialsMatcher() call: > myrealm.credentialsMatcher = com.whatever.MyCredentialsMatcher > > In either case, your own credentials matcher looks something like this: > > public class MyCredentialsMatcher implements CredentialsMatcher { > public boolean doCredentialsMatch(AuthenticationToken token, > AuthenticationInfo info) { > String userPassword = new String((char[]) > token.getCredentials()); > String storedPassword = new String((char[]) > info.getCredentials()); > > String encrypted = doSomeEncryption(userPassword); > return encrypted.equals(storedPassword); > } > } > >> -----Original Message----- >> From: LS [mailto:[email protected]] >> Sent: Friday, August 21, 2009 4:06 AM >> To: [email protected] >> Subject: How can I change default credentials matcher in web > application? >> >> >> How can I change default credentials matcher in web application? >> I use ShiroFilter configured through web.xml >> How can I move from default sha1 matcher to md5 or some other? >> -- >> View this message in context: http://n2.nabble.com/How-can-I-change- >> default-credentials-matcher-in-web-application-tp3486556p3486556.html >> Sent from the Shiro User mailing list archive at Nabble.com. >
