Les,
> Glad to help! > > And the idea about using this to seed a crypto chapter is a great > idea. I would have liked to have gotten to this earlier, but there > are only 24 hours in a day :/ (Just a side note for anyone reading > this, anyone can contribute to documentation by logging in to the ASF > Confluence wiki and contributing pages or attaching text to a Jira > issue). > I totally understand! I'm working night and day to meet a deadline and wish there were more hours in the day. If things slow down, I'll see if I can help out on the wiki. But don't hold your breath, as running a startup pretty much takes everything I've got. I really do want to figure out a way to give back to all the great open source projects that I use (including Shiro), but time is the one asset that is most difficult to find. > Also, our discussion has given me some ideas. For example, > SimpleByteSource(String foo) only does one thing - it converts the > input (non-encoded) string into bytes (i.e. > CodecSupport.toBytes(unencodedString)). > > Maybe we can add some heuristics to it where we check the argument, > and if Base64.isBase64(rawStringBytes) or Hex.isHex(stringRawBytes) > we can decode the string first. Otherwise, we use the String as > supplied. That might eliminate many decoding confusion issues. > > I also thought of a ByteSource.Builder inner class to build ByteSource > instances instead of forcing an implementation class > (SimpleByteSource) on end-users. > These sound like great ideas. I had hinted previously that the crypto classes could be enhanced to accept strings and deal with the encoding internally, but your ideas are even better. It keeps the separation, but still will make it very easy to use. My intent was that it would be simple for a user like myself who's only working with strings to use Shiro's crypto features. Obviously it's better to fully understand what's going on inside that black box, but sometimes I just want to trust that the box does what it claims and use it without a full understanding of encoding and crypto. I'm thankful for your explanations, as I now understand the internals better. I think that the documentation should certainly include these explanations. Thanks, Tauren > This has been helpful for me too! ;) > > Thanks, > > Les > > On Fri, Apr 8, 2011 at 12:26 AM, Tauren Mills <tau...@groovee.com> wrote: > > Les, > > I wanted to thank you for your help with all this. I'm now successfully > > encrypting and decrypting values that I can get and set to my persistence > > system as string values. Your assistance was invaluable, and the > information > > in this thread might be a nice start to the Shiro crypto user manual. > > Thanks again, > > Tauren > > > > On Tue, Apr 5, 2011 at 11:59 PM, Les Hazlewood <lhazlew...@apache.org> > > wrote: > >> > >> Finally, I think a lot of your frustration can be cleared up by 2 > >> simple guidelines: > >> > >> 1. You shouldn't ever really need to call aString.getBytes() or > >> aByteSource.getBytes(). > >> > >> 2. If you need bytes-->string or string-->bytes behavior (reading > >> from files or the database and vice versa), you can do that simply: > >> > >> a. bytes --> string: aByteSource.toBase64(); > >> b. string --> bytes: Base64.decode(base64EncodedString); > >> > >> Those two things should probably get you all you need. Anything else > >> will probably just cause confusion. > >> > >> HTH, > >> > >> Les >
