Hi -- We are having difficulty because the UTF-8 encoding has changed between Java 1.6 releases. In particular, we are running 1.6.0_10 and find that passwords are encoded to UTF-8 format differently than in 1.6.0_24. Here is some official documentation describing it:
http://www.oracle.com/technetwork/java/javase/6u11-139394.html My understanding is that Shiro relies on the UTF-8 format being "standard" and reproducible. Interestingly, Sun also made a change to the UTF-8 format in Java 1.5. In Shiro, the password is entered as a String and then converted to UTF-8 format before hashing. As you can imagine, I'm having a lot of trouble trying to figure out how to migrate old passwords to a new format!! But, I wanted to make you aware of this issue -- perhaps, Shiro should encode using UTF-32 format instead since that format truly can't change. Dan -- View this message in context: http://shiro-user.582556.n2.nabble.com/UTF-8-password-encoding-issue-with-Java-1-6-releases-tp6308011p6308011.html Sent from the Shiro User mailing list archive at Nabble.com.
