Hi Folks,
Am I doing this right ?
I am currently in a pickle whereby my credentials matching scheme in my realm
operates
setAuthenticationTokenClass(UsernamePasswordToken.class);
setCredentialsMatcher(new
HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME));
But at the end of my doGetAuthentication (...)... I am doing this...
SimpleByteSource bs = new
SimpleByteSource(Base64.decode(person.getPasswordSalt()));
return new SimpleAuthenticationInfo(username, token.getCredentials(),
bs, getName());
}
am I shooting myself in the foot by performing the base64.decode ?
Is there a need to decode anything at this point?
All I am doing is putting some salt on my password.
Any feedback is appreciated. Just a bit wishy washy about the base64 usage.
Thanks
