Example usage for org.apache.shiro.authc.credential HashedCredentialsMatcher doCredentialsMatch

List of usage examples for org.apache.shiro.authc.credential HashedCredentialsMatcher doCredentialsMatch

  1. HOME
  2. Java
  3. org.apache.shiro
  4. org.apache.shiro.authc.credential.*
  5. HashedCredentialsMatcher
  6. doCredentialsMatch

Introduction

In this page you can find the example usage for org.apache.shiro.authc.credential HashedCredentialsMatcher doCredentialsMatch.

Prototype

@Override
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info)

Source Link

Document

This implementation first hashes the token 's credentials, potentially using a salt if the info argument is a org.apache.shiro.authc.SaltedAuthenticationInfo SaltedAuthenticationInfo .

Usage

From source file:demo.learn.shiro.pojo.UserTest.java

License:Apache License

/**
 * Tests basic salting./*from ww w. j a v a2  s .c  om*/
 */
@Test
public void testBasicSalting() {
    try {
        String username = "root";
        String plainTextPassword = "root";
        RandomNumberGenerator rng = new SecureRandomNumberGenerator();

        UsernamePasswordToken token = new UsernamePasswordToken(username, plainTextPassword);

        ByteSource salt = rng.nextBytes();

        String hashedPasswordBase64 = new Sha256Hash(plainTextPassword, salt, 1024).toBase64();

        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, hashedPasswordBase64, salt,
                "learn.shiro");

        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashIterations(1024);
        matcher.setStoredCredentialsHexEncoded(false);
        matcher.setHashAlgorithmName("SHA-256");

        boolean result = matcher.doCredentialsMatch(token, info);
        Assert.assertEquals(true, result);
    } catch (Exception ex) {
        ex.printStackTrace();
        Assert.assertEquals(ex.getMessage(), false, true);
    }
}

From source file:demo.learn.shiro.pojo.UserTest.java

License:Apache License

/**
 * Tests de-salting./*from w  w  w . j a va 2 s  .  co  m*/
 */
public void testDesalting() {
    try {
        String username = "user1";
        String plainTextPassword = "hello";
        RandomNumberGenerator rng = new SecureRandomNumberGenerator();
        ByteSource salt = rng.nextBytes();

        String hashedPasswordBase64 = new Sha256Hash(plainTextPassword, salt, 1024).toBase64();

        User user = new User(username, hashedPasswordBase64);
        user.setPasswordSalt(salt);

        UsernamePasswordToken token = new UsernamePasswordToken(username, plainTextPassword);
        //         SimpleByteSource desalt = new SimpleByteSource(salt);
        byte[] bytes = salt.getBytes();
        String base64 = Base64.encodeToString(bytes);
        SimpleByteSource desalt1 = new SimpleByteSource(Base64.decode(base64));

        SimpleAccount info = new SimpleAccount(user, hashedPasswordBase64, desalt1, "learn.shiro");

        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher("SHA-256");
        matcher.setHashIterations(1024);
        matcher.setStoredCredentialsHexEncoded(false);

        boolean result = matcher.doCredentialsMatch(token, info);
        Assert.assertEquals(true, result);
    } catch (Exception ex) {
        ex.printStackTrace();
        Assert.assertEquals(ex.getMessage(), false, true);
    }
}

From source file:demo.learn.shiro.pojo.UserTest.java

License:Apache License

/**
 * Tests two salting./*  w  ww  .  j  a  v  a  2s.  c o  m*/
 */
public void testTwoSalting() {
    try {
        String username1 = "user1";
        String username2 = "user2";
        String plainTextPassword1 = "hello";
        String plainTextPassword2 = "hello";

        RandomNumberGenerator rng = new SecureRandomNumberGenerator();
        ByteSource salt1 = rng.nextBytes();
        ByteSource salt2 = rng.nextBytes();

        String hashedPasswordBase641 = new Sha256Hash(plainTextPassword1, salt1, 1024).toBase64();
        String hashedPasswordBase642 = new Sha256Hash(plainTextPassword2, salt2, 1024).toBase64();

        User user1 = new User(username1, hashedPasswordBase641);
        User user2 = new User(username2, hashedPasswordBase642);
        user1.setPasswordSalt(salt1);
        user2.setPasswordSalt(salt2);

        UsernamePasswordToken token1 = new UsernamePasswordToken(username1, plainTextPassword1);
        UsernamePasswordToken token2 = new UsernamePasswordToken(username2, plainTextPassword2);

        SimpleAccount info1 = new SimpleAccount(user1, hashedPasswordBase641, salt1, "learn.shiro");
        SimpleAccount info2 = new SimpleAccount(user2, hashedPasswordBase642, salt2, "learn.shiro");

        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher("SHA-256");
        matcher.setHashIterations(1024);
        matcher.setStoredCredentialsHexEncoded(false);

        boolean result = matcher.doCredentialsMatch(token1, info1);
        Assert.assertEquals(true, result);

        result = matcher.doCredentialsMatch(token2, info2);
        Assert.assertEquals(true, result);
    } catch (Exception ex) {
        ex.printStackTrace();
        Assert.assertEquals(ex.getMessage(), false, true);
    }
}

From source file:demo.learn.shiro.tool.PasswordMatcherTool.java

License:Apache License

/**
 * Main method./*  www. j a  v a2 s . com*/
 * @param args Pass in plain text password, hashed password,
 * and salt. These arguments are generated from
 * {@link PasswordEncryptionTool}.
 * @throws ParseException
 */
@SuppressWarnings("static-access")
public static void main(String[] args) throws ParseException {
    String username = "";
    String plainTextPassword = "root";
    String hashedPasswordBase64 = "ZzIkhapTVzGkhWRQqdUn2zod5npt9RJMSni8My6X+r8=";
    String saltBase64 = "BobnkcsIXcZGksA30eOySA==";
    String realmName = "";

    Option p = OptionBuilder.withArgName("password").hasArg().withDescription("plain text password")
            .isRequired(false).create('p');
    Option h = OptionBuilder.withArgName("password").hasArg().withDescription("hashed password")
            .isRequired(false).create('h');
    Option s = OptionBuilder.withArgName("salt").hasArg().withDescription("salt (Base64 encoded)")
            .isRequired(false).create('s');

    Options options = new Options();
    options.addOption(p);
    options.addOption(h);
    options.addOption(s);

    try {
        CommandLineParser parser = new BasicParser();
        CommandLine cmd = parser.parse(options, args);

        if (cmd.hasOption("p")) {
            plainTextPassword = cmd.getOptionValue("p");
        }
        if (cmd.hasOption("h")) {
            hashedPasswordBase64 = cmd.getOptionValue("h");
        }
        if (cmd.hasOption("s")) {
            saltBase64 = cmd.getOptionValue("s");
        }
    } catch (ParseException pe) {
        String cmdLineSyntax = "java -cp %CLASSPATH% demo.learn.shiro.tool.PasswordMatcherTool";
        HelpFormatter formatter = new HelpFormatter();
        formatter.printHelp(cmdLineSyntax, options, false);
        return;
    }

    SimpleByteSource salt = new SimpleByteSource(Base64.decode(saltBase64));
    SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, hashedPasswordBase64, salt,
            realmName);
    UsernamePasswordToken token = new UsernamePasswordToken(username, plainTextPassword);

    HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
    matcher.setHashIterations(S.HASH_ITER);
    matcher.setStoredCredentialsHexEncoded(false);
    matcher.setHashAlgorithmName(S.ALGORITHM_NAME);

    boolean result = matcher.doCredentialsMatch(token, info);
    System.out.println("match? " + result);

}