Yes, if using the new PasswordService/PasswordMatcher components introduced in 1.2, the SaltedAuthenticationInfo components are not necessary. They're only necessary for backwards compatibility when using the older HashedCredentialsMatcher.
HTH! -- Les Hazlewood CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> | 888.391.5282 twitter: @lhazlewood | http://twitter.com/lhazlewood blog: http://leshazlewood.com stormpath blog: http://www.stormpath.com/blog<http://www.stormpath.com/blog/index> On Fri, Apr 20, 2012 at 3:03 PM, drmike01 <[email protected]> wrote: > I've managed to successfully implement PasswordMatcher/PasswordService into > my app for logging somebody in. However, it seems that using this makes a > Realm's understanding of salt-related info, like where it is stored and how > to query for it, irrelevant, because all of that information is now stored > along with the password (like > > $shiro1$SHA-256$500000$0aUNlpj42iGDjGIullhsiw==$UU1VrBFMb0HLmcgR2J5Er9/FMOjavHwvG9xNopKre2Q=). > > Is this an accurate understanding on my part? I think the answer's a quick > yes, but just wanted to make sure before I remove all the related > code/configuration (currently commented out awaiting implementation). > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Does-PasswordService-make-a-realm-s-SaltStyle-and-SaltedAuthenticationQuery-irrelevant-tp7485953p7485953.html > Sent from the Shiro User mailing list archive at Nabble.com. >
