Hi Paul,

The PasswordMatcher by default does not look at anything in the AuthenticationInfo other than authenticationInfo.getCredentials(). This is because it is expected that, when using the PasswordService, the credentials object is a Modular Crypt Format [1] String that has the salt (and any other necessary data) embedded in the String.

Because of this assumption (that everything necessary is part of a MCF-formatted string that can be parsed for the relevant data), the implementation does not check for any properties other than just authcInfo.getCredentials();

As a bridge approach, you can subclass PasswordMatcher and override the getStoredPassword(AuthenticationInfo info) method. In there, you can check to see if the instance is a SaltedAuthenticationInfo instance, and if so, inspect the properties to build and return, say, a Shiro1 MCF-formatted String [2]. The rest of the logic downstream will work as if the stored data was the expected MCF string.

Another approach is to do this same logic inside your Realm for only those accounts that don't yet have a single MCF-formatted property.

Does that help?

[1] http://packages.python.org/passlib/modular_crypt_format.html
[2] http://shiro.apache.org/static/current/apidocs/org/apache/shiro/crypto/hash/format/Shiro1CryptFormat.html

Cheers,

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk

On Thu, Oct 4, 2012 at 2:11 PM, Les Hazlewood <[email protected]> wrote:

> I'll take a look into it and get back shortly.
>
> --
> Les Hazlewood | @lhazlewood
> CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
> Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk
>
> On Thu, Oct 4, 2012 at 9:37 AM, Jared Bunting <[email protected]> wrote:
>
>> So, DefaultPasswordService is intended to be used with hashed passwords
>> generated by SimpleHash. If you run a password through this, you will
>> see that it actually embeds all the information necessary for
>> PasswordService in the output string. So, my recommendation is to not
>> try and store the salt separately, and just let shiro handle it.
>>
>> Sorry that I can't provide more information on why your specific case
>> isn't working, but I'd have to dig into it a bit and the day job is
>> rather hectic right now.
>>
>> -Jared
>>
>> On Thu 04 Oct 2012 11:00:55 AM CDT, Paul Holding wrote:
>> > Sorry to keep going on about this but is anyone able to confirm whether the
>> > setCredentialsSalt method in SimpleAuthenticationInfo is the correct way to
>> > set the user's salt in a custom realm when using the PasswordMatcher? If not
>> > is there another way I should be doing it?
>> >
>> > --
>> > View this message in context:
>> > http://shiro-user.582556.n2.nabble.com/Migrating-from-HashedCredentialMatcher-to-PasswordMatcher-tp7577808p7577834.html
>> > Sent from the Shiro User mailing list archive at Nabble.com.
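
The bridge approach described at the top of this thread, sketched as an added example; it is not code from the thread or from the Shiro project. The class name `LegacySaltPasswordMatcher` and its three constructor parameters are hypothetical, and the sketch assumes Shiro 1.x package names and that legacy accounts store the digest (hex or Base64) and the salt as separate values, hashed the way HashedCredentialsMatcher expects.

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.SaltedAuthenticationInfo;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.codec.Hex;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.crypto.hash.format.Shiro1CryptFormat;
import org.apache.shiro.util.ByteSource;

// Hypothetical bridge matcher: rebuilds a Shiro1 MCF string for legacy
// accounts whose digest and salt are still stored as separate values.
public class LegacySaltPasswordMatcher extends PasswordMatcher {

    // Assumptions: these must match how the legacy digests were produced.
    private final String legacyAlgorithm;   // e.g. "SHA-256"
    private final int legacyIterations;     // e.g. 1024
    private final boolean storedAsHex;      // false means Base64

    public LegacySaltPasswordMatcher(String legacyAlgorithm,
                                     int legacyIterations,
                                     boolean storedAsHex) {
        this.legacyAlgorithm = legacyAlgorithm;
        this.legacyIterations = legacyIterations;
        this.storedAsHex = storedAsHex;
    }

    @Override
    protected Object getStoredPassword(AuthenticationInfo info) {
        Object stored = super.getStoredPassword(info);
        if (!(info instanceof SaltedAuthenticationInfo) || !(stored instanceof String)) {
            return stored;
        }
        String digest = (String) stored;
        ByteSource salt = ((SaltedAuthenticationInfo) info).getCredentialsSalt();
        // Already-migrated accounts carry the salt inside the MCF string.
        if (salt == null || digest.startsWith("$shiro1$")) {
            return stored;
        }
        // Wrap the existing digest bytes; nothing is re-hashed here.
        SimpleHash hash = new SimpleHash(legacyAlgorithm);
        hash.setBytes(storedAsHex ? Hex.decode(digest) : Base64.decode(digest));
        hash.setSalt(salt);
        hash.setIterations(legacyIterations);
        // Produces $shiro1$<algorithm>$<iterations>$<salt>$<digest>
        return new Shiro1CryptFormat().format(hash);
    }
}
```

If the algorithm name or iteration count passed in differs from what produced the stored digests, every legacy login fails closed, so check the values against one known account before switching the realm's credentials matcher.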
