Hello Good People, 

I've spent time reading the documentation about hashing using Sha256. I've
created my CredentialMatcher and set it on my AuthorizationRealm. During
authentication I could see in my debugger my CredentialMatcher being called
in the AuthenticatingRealm class, but the token still contains the raw password
while the info contains the hashed password. To my knowledge, the
CredentialMatcher is supposed to hash the token, so I do not have to hash it
myself before passing it to the UsernamePasswordToken in my LoginController,
or should I?
Can you point out what's wrong? Thank you.

//LoginController
    Subject currentUser = SecurityUtils.getSubject();

    if (!currentUser.isAuthenticated()) {
        UsernamePasswordToken token = new UsernamePasswordToken(txtUsername.getText(), txtPassword.getText());
        SecurityUtils.getSubject().login(token);
    }



//HibernateRealm extending AuthorizationRealm

 public HibernateRealm(CredentialsMatcher credentialMatcher){ 
        setName("HibernateRealm");
        this.setCredentialsMatcher(credentialMatcher);
    }

@Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken at) throws AuthenticationException {

        UsernamePasswordToken token = (UsernamePasswordToken) at;
        UserAccount user = uAS.getByUsername(token.getUsername()); // uAS is my UserAccountService

        if (user != null) {
            if (user.getStatus() == AccountStatus.DISABLED)
                throw new LockedAccountException();

            return new SimpleAuthenticationInfo(user, user.getPassword().toCharArray(), this.getName());
        } else {
            throw new UnknownAccountException();
        }
    }


//MyCredentialMatcher extending HashedCredentialMatcher
public class MySha256CredentialMatcher extends HashedCredentialsMatcher{

    public MySha256CredentialMatcher() {
        super();
        this.setHashAlgorithmName(new Sha256Hash().getAlgorithmName());
    }
    
    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        String passwordFromSubmition = charArrayToString(token.getCredentials());
        String passwordFromStorage = charArrayToString(info.getCredentials());

        return passwordFromStorage.equals(passwordFromSubmition);
    } 
    
    
    private String charArrayToString(Object credentials) {
        return new String((char[]) credentials);
    }
    
}

//security application context in spring
    <bean id="hibernateRealm" class="com.bla.bla.web.security.HibernateRealm">
        <constructor-arg ref="credMatcher"/>
    </bean>

    <bean id="credMatcher" class="com.bla.bla.web.security.MbcSha256CredentialMatcher"/>


The code is here on pastie: http://pastie.org/3659290

--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/HashedCredentialMatcher-not-hashing-submitted-token-tp7400888p7400888.html
Sent from the Shiro User mailing list archive at Nabble.com.
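
Added example, not part of the original post: a side-by-side run of a stock HashedCredentialsMatcher and a subclass that overrides doCredentialsMatch the way the posted matcher does, showing where the hashing of the submitted token happens. It assumes Shiro 1.x on the classpath and unsalted, hex-encoded SHA-256 hashes in storage; the class name MatcherDemo, the user "alice" and the password are constructed for the demo.

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Sha256Hash;

public class MatcherDemo {

    // Same shape as the override in the post: the parent's hashing step is
    // replaced by a direct comparison of the two values.
    static class OverridingMatcher extends HashedCredentialsMatcher {
        OverridingMatcher() { super(Sha256Hash.ALGORITHM_NAME); }

        @Override
        public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
            String submitted = new String((char[]) token.getCredentials());
            String stored = new String((char[]) info.getCredentials());
            return stored.equals(submitted); // raw password vs. stored hash
        }
    }

    public static void main(String[] args) {
        String raw = "constructed-password";            // constructed sample value
        String storedHex = new Sha256Hash(raw).toHex(); // what the user table would hold

        // What the realm returns: principal, stored (hashed) credentials, realm name.
        AuthenticationInfo info =
                new SimpleAuthenticationInfo("alice", storedHex.toCharArray(), "HibernateRealm");
        // What the login controller submits: the raw password, unhashed.
        UsernamePasswordToken token = new UsernamePasswordToken("alice", raw);

        // Stock matcher: its inherited doCredentialsMatch hashes the token's
        // credentials with SHA-256 and compares the digest to the stored one.
        HashedCredentialsMatcher stock = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
        stock.setStoredCredentialsHexEncoded(true); // stored value is hex, not Base64

        System.out.println("stock matcher:      " + stock.doCredentialsMatch(token, info));
        System.out.println("overriding matcher: " + new OverridingMatcher().doCredentialsMatch(token, info));
    }
}
```

The token object itself always carries the raw password; the digest is computed inside the inherited doCredentialsMatch, so it only takes effect when that method is not overridden.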
