AuthenticatingRealm<http://shiro.apache.org/static/current/apidocs/org/apache/shiro/realm/AuthenticatingRealm.html>handles credentials verification by way of a CredentialsMatcher<http://shiro.apache.org/static/current/apidocs/org/apache/shiro/authc/credential/CredentialsMatcher.html>. It'll use SimpleCredentialsMatcher<http://shiro.apache.org/static/current/apidocs/org/apache/shiro/authc/credential/SimpleCredentialsMatcher.html>by default, but it's pretty easy to use your own or one of the built in HashedCredentialsMatcher<http://shiro.apache.org/static/current/apidocs/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html>s by calling setCredentialsMatcher<http://shiro.apache.org/static/current/apidocs/org/apache/shiro/realm/AuthenticatingRealm.html#setCredentialsMatcher(org.apache.shiro.authc.credential.CredentialsMatcher)> in your Realm.
Hope it helps. --Erik On Thu, Oct 14, 2010 at 2:05 AM, Daedalus <[email protected]> wrote: > > Hello everyone, > > I have written an own JPA based Realm to authenticate my users. For that > used your JDBC Realm as reference. > > It is working and thanks to you great code documention it was also very > easy > and straight forward. But on thing i don't get. > > Where do you actually check the correctness of the users password? In the > whole JDBC Realm is no Line where you check the password and throw an > IncorrectCredentialsException if the password is incorrect. > > I currently do this myself in the realm implementation but I guess this > could be a bad style if you have this functionality already implemented. > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Where-does-Shrio-check-the-Password-tp5634266p5634266.html > Sent from the Shiro User mailing list archive at Nabble.com. >
