tarka wrote > > I've implemented the new PasswordService and that works perfectly. > > [...] > > However for some reason I'm still having problems with PasswordMatcher! > > [...] > > There is a statement in the link you sent me that says: > "Ensure the AuthenticationInfo instance supplied by your Realm returns the > encrypted password string from its getCredentials() implementation." > > I'm only storing the encrypted password so wouldn't it return the > encrypted string by default? >
Hi Tarka! I'm also just using Shiro for the first time, and I encountered a similar problem with the PasswordMatcher. After some investigation in the debugger, I found that the problem was that the PasswordMatcher expects getCredentials() to return either a String or a Hash, but the jdbcRealm (and I think all the default implementations of AuthenticatingRealm) stores the hashed password as a char[]. I believe the intent of the statement you quoted above was to address this point, but it seems rather inconvenient to have to subclass the Realm and the AuthenticationInfo just in order to use the PasswordMatcher. My solution to this was to override the PasswordMatcher as follows: And I then used my PasswordMatcherEx in the shiro.ini. -- View this message in context: http://shiro-user.582556.n2.nabble.com/Reading-salted-password-with-SaltedAuthenticationInfo-tp7456785p7475615.html Sent from the Shiro User mailing list archive at Nabble.com.
