P.S. I forgot to say that a huge benefit of the PasswordService approach is that you can change hashing strategies at any time you wish (e.g. algorithm, # iterations, etc) and you _won't_ break existing passwords! This is a huge benefit to end-users: you don't have to reset all of their passwords when you make a hashing config change if you didn't want to.
On Wed, Feb 1, 2012 at 12:10 PM, Les Hazlewood <[email protected]> wrote: > Hi Mike, > > Thanks for reporting that the newer <listener> configuration works - > that might help anyone who could have this issue in the future. > > As to your shiro.ini - it looks good to me. On a side note, if you > can use it, I think you'll find the new > PasswordService/PasswordMatcher mechanisms introduced in 1.2 even > nicer than the older HashedCredentialsMatcher: > > [main] > … > passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher > passwordService = org.apache.shiro.authc.credential.DefaultPasswordService > #config the passwordService w/ hashing strategies as necessary > > passwordMatcher.passwordService = $passwordService > … > myRealm.credentialsMatcher = $passwordMatcher > #end ini > > You can obtain the PasswordService to hash passwords and save them to > an account at runtime in an ini-configured web app by doing the > following (e.g. during account creation or password reset): > > NamedObjectEnvironment env = > (NamedObjectEnvironment)WebUtils.getWebEnvironment(servletContext); > PasswordService svc = env.getObject("passwordService", PasswordService.class); > > String encryptedPassword = svc.encryptPassword(userRawPlaintextPassword); > user.setPassword(encryptedPassword); > user.save(); > > In your Realm.getAuthenticationInfo() method (or > doGetAuthenticationInfo()), return an AuthenticationInfo instance > where getCredentials() returns the value of user.getPassword(); > > This will be mentioned again in a yet-to-be-released article on the > new features in Shiro 1.2. Hopefully that will be out on InfoQ in a > week or so. > > HTH, > > -- > Les Hazlewood > CTO, Katasoft | http://www.katasoft.com | 888.391.5282 > twitter: @lhazlewood | http://twitter.com/lhazlewood > katasoft blog: http://www.katasoft.com/blogs/lhazlewood > personal blog: http://leshazlewood.com > > On Wed, Feb 1, 2012 at 10:04 AM, socket70 <[email protected]> wrote: >> Thanks Les. >> >> In short, I've got it working now. >> >> I had recently upgraded to Shiro 1.2 but I hadn't changed my web.xml file to >> use the new initialization procedure. So I still had this in my web.xml: >> >> <filter> >> <filter-name>ShiroFilter</filter-name> >> <filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class> >> </filter> >> <filter-mapping> >> <filter-name>ShiroFilter</filter-name> >> <url-pattern>/*</url-pattern> >> </filter-mapping> >> >> I've now changed it to be this: >> >> <listener> >> >> <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class> >> </listener> >> <filter> >> <filter-name>ShiroFilter</filter-name> >> <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class> >> </filter> >> <filter-mapping> >> <filter-name>ShiroFilter</filter-name> >> <url-pattern>/*</url-pattern> >> </filter-mapping> >> >> And now Shiro shuts down cleanly. >> >> Notice I did not have to set the EhCache system property as you suggested in >> your reply. >> >> So my shiro.ini looks like this (simplified for this post): >> >> [main] >> >> authc = com.myapp.auth.shiro.ShiroFormAuthenticationFilter >> authcRealm = com.myapp.auth.shiro.ShiroAuthorizingRealm >> matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher >> matcher.hashAlgorithmName = SHA-256 >> matcher.hashIterations = 1 >> authcRealm.credentialsMatcher = $matcher >> cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager >> securityManager.realms = $authcRealm >> securityManager.cacheManager = $cacheManager >> >> And again, I'm not doing any special configuration for EhCache, so it's just >> using the ehcache.xml file that's included with Shiro. >> >> Does all of that (specifically the shiro.ini file) look correct? >> >> Thanks, >> >> -Mike >> >> -- >> View this message in context: >> http://shiro-user.582556.n2.nabble.com/Unclean-shutdown-of-Tomcat-related-to-EhCacheManager-tp6267587p7243842.html >> Sent from the Shiro User mailing list archive at Nabble.com.
