List of usage examples for org.apache.shiro.authc.credential HashedCredentialsMatcher setStoredCredentialsHexEncoded
public void setStoredCredentialsHexEncoded(boolean storedCredentialsHexEncoded)
From source file:com.ning.billing.tenant.security.KillbillCredentialsMatcher.java
License:Apache License
public static CredentialsMatcher getCredentialsMatcher() { // This needs to be in sync with DefaultTenantDao final HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher(HASH_ALGORITHM_NAME); // base64 encoding, not hex credentialsMatcher.setStoredCredentialsHexEncoded(false); credentialsMatcher.setHashIterations(HASH_ITERATIONS); return credentialsMatcher; }
From source file:de.fatalix.bookery.bl.authentication.CDIAwareShiroEnvironmentLoader.java
License:Open Source License
@Override protected WebEnvironment createEnvironment(ServletContext sc) { WebEnvironment webEnvironment = super.createEnvironment(sc); RealmSecurityManager rsm = (RealmSecurityManager) webEnvironment.getSecurityManager(); HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(HASHING_ALGORITHM); hashedCredentialsMatcher.setStoredCredentialsHexEncoded(true); jpaRealm.setCredentialsMatcher(hashedCredentialsMatcher); Collection<Realm> realms = rsm.getRealms(); realms.add(jpaRealm);/*w w w . j a v a 2 s . c om*/ rsm.setRealms(realms); ((DefaultWebEnvironment) webEnvironment).setSecurityManager(rsm); return webEnvironment; }
From source file:demo.learn.shiro.pojo.UserTest.java
License:Apache License
/** * Tests basic salting.//from w w w .j a v a2 s. c om */ @Test public void testBasicSalting() { try { String username = "root"; String plainTextPassword = "root"; RandomNumberGenerator rng = new SecureRandomNumberGenerator(); UsernamePasswordToken token = new UsernamePasswordToken(username, plainTextPassword); ByteSource salt = rng.nextBytes(); String hashedPasswordBase64 = new Sha256Hash(plainTextPassword, salt, 1024).toBase64(); SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, hashedPasswordBase64, salt, "learn.shiro"); HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(); matcher.setHashIterations(1024); matcher.setStoredCredentialsHexEncoded(false); matcher.setHashAlgorithmName("SHA-256"); boolean result = matcher.doCredentialsMatch(token, info); Assert.assertEquals(true, result); } catch (Exception ex) { ex.printStackTrace(); Assert.assertEquals(ex.getMessage(), false, true); } }
From source file:demo.learn.shiro.pojo.UserTest.java
License:Apache License
/** * Tests de-salting.//from w w w .ja va 2 s . co m */ public void testDesalting() { try { String username = "user1"; String plainTextPassword = "hello"; RandomNumberGenerator rng = new SecureRandomNumberGenerator(); ByteSource salt = rng.nextBytes(); String hashedPasswordBase64 = new Sha256Hash(plainTextPassword, salt, 1024).toBase64(); User user = new User(username, hashedPasswordBase64); user.setPasswordSalt(salt); UsernamePasswordToken token = new UsernamePasswordToken(username, plainTextPassword); // SimpleByteSource desalt = new SimpleByteSource(salt); byte[] bytes = salt.getBytes(); String base64 = Base64.encodeToString(bytes); SimpleByteSource desalt1 = new SimpleByteSource(Base64.decode(base64)); SimpleAccount info = new SimpleAccount(user, hashedPasswordBase64, desalt1, "learn.shiro"); HashedCredentialsMatcher matcher = new HashedCredentialsMatcher("SHA-256"); matcher.setHashIterations(1024); matcher.setStoredCredentialsHexEncoded(false); boolean result = matcher.doCredentialsMatch(token, info); Assert.assertEquals(true, result); } catch (Exception ex) { ex.printStackTrace(); Assert.assertEquals(ex.getMessage(), false, true); } }
From source file:demo.learn.shiro.pojo.UserTest.java
License:Apache License
/** * Tests two salting./*from w w w .ja va 2s.c o m*/ */ public void testTwoSalting() { try { String username1 = "user1"; String username2 = "user2"; String plainTextPassword1 = "hello"; String plainTextPassword2 = "hello"; RandomNumberGenerator rng = new SecureRandomNumberGenerator(); ByteSource salt1 = rng.nextBytes(); ByteSource salt2 = rng.nextBytes(); String hashedPasswordBase641 = new Sha256Hash(plainTextPassword1, salt1, 1024).toBase64(); String hashedPasswordBase642 = new Sha256Hash(plainTextPassword2, salt2, 1024).toBase64(); User user1 = new User(username1, hashedPasswordBase641); User user2 = new User(username2, hashedPasswordBase642); user1.setPasswordSalt(salt1); user2.setPasswordSalt(salt2); UsernamePasswordToken token1 = new UsernamePasswordToken(username1, plainTextPassword1); UsernamePasswordToken token2 = new UsernamePasswordToken(username2, plainTextPassword2); SimpleAccount info1 = new SimpleAccount(user1, hashedPasswordBase641, salt1, "learn.shiro"); SimpleAccount info2 = new SimpleAccount(user2, hashedPasswordBase642, salt2, "learn.shiro"); HashedCredentialsMatcher matcher = new HashedCredentialsMatcher("SHA-256"); matcher.setHashIterations(1024); matcher.setStoredCredentialsHexEncoded(false); boolean result = matcher.doCredentialsMatch(token1, info1); Assert.assertEquals(true, result); result = matcher.doCredentialsMatch(token2, info2); Assert.assertEquals(true, result); } catch (Exception ex) { ex.printStackTrace(); Assert.assertEquals(ex.getMessage(), false, true); } }
From source file:demo.learn.shiro.realm.CustomRealmTest.java
License:Apache License
/** * Tests matching.// w w w. j a v a 2 s. c o m */ public void testMatch() { try { String username = "root"; String password = "root"; UserDao userDao = UserDao.getInstance(); userDao.delete(username); userDao.create(username, password); UsernamePasswordToken token = new UsernamePasswordToken(username, password); HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(); matcher.setHashAlgorithmName("SHA-256"); matcher.setHashIterations(S.HASH_ITER); matcher.setStoredCredentialsHexEncoded(false); CustomRealm realm = new CustomRealm(); realm.setCredentialsMatcher(matcher); AuthenticationInfo info = realm.getAuthenticationInfo(token); Assert.assertNotNull(info); } catch (Exception ex) { Assert.assertFalse(ex.getMessage(), true); } }
From source file:demo.learn.shiro.tool.PasswordMatcherTool.java
License:Apache License
/** * Main method./*www . j a va2 s . c om*/ * @param args Pass in plain text password, hashed password, * and salt. These arguments are generated from * {@link PasswordEncryptionTool}. * @throws ParseException */ @SuppressWarnings("static-access") public static void main(String[] args) throws ParseException { String username = ""; String plainTextPassword = "root"; String hashedPasswordBase64 = "ZzIkhapTVzGkhWRQqdUn2zod5npt9RJMSni8My6X+r8="; String saltBase64 = "BobnkcsIXcZGksA30eOySA=="; String realmName = ""; Option p = OptionBuilder.withArgName("password").hasArg().withDescription("plain text password") .isRequired(false).create('p'); Option h = OptionBuilder.withArgName("password").hasArg().withDescription("hashed password") .isRequired(false).create('h'); Option s = OptionBuilder.withArgName("salt").hasArg().withDescription("salt (Base64 encoded)") .isRequired(false).create('s'); Options options = new Options(); options.addOption(p); options.addOption(h); options.addOption(s); try { CommandLineParser parser = new BasicParser(); CommandLine cmd = parser.parse(options, args); if (cmd.hasOption("p")) { plainTextPassword = cmd.getOptionValue("p"); } if (cmd.hasOption("h")) { hashedPasswordBase64 = cmd.getOptionValue("h"); } if (cmd.hasOption("s")) { saltBase64 = cmd.getOptionValue("s"); } } catch (ParseException pe) { String cmdLineSyntax = "java -cp %CLASSPATH% demo.learn.shiro.tool.PasswordMatcherTool"; HelpFormatter formatter = new HelpFormatter(); formatter.printHelp(cmdLineSyntax, options, false); return; } SimpleByteSource salt = new SimpleByteSource(Base64.decode(saltBase64)); SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, hashedPasswordBase64, salt, realmName); UsernamePasswordToken token = new UsernamePasswordToken(username, plainTextPassword); HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(); matcher.setHashIterations(S.HASH_ITER); matcher.setStoredCredentialsHexEncoded(false); matcher.setHashAlgorithmName(S.ALGORITHM_NAME); boolean result = matcher.doCredentialsMatch(token, info); System.out.println("match? " + result); }
From source file:net.noday.core.security.ShiroDbRealm.java
License:Apache License
/** * PasswordHash./* www . j av a 2s . c o m*/ */ @PostConstruct public void initCredentialsMatcher() { HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Digests.HASH_ALGORITHM); matcher.setHashIterations(Digests.HASH_INTERATIONS); matcher.setStoredCredentialsHexEncoded(false); // matcher.setHashSalted(true); {// ???????matcher hashedCredentialsMatcher = matcher; allowAllCredentialsMatcher = new AllowAllCredentialsMatcher(); } // setCredentialsMatcher(matcher); }
From source file:net.scran24.user.server.services.InitListener.java
License:Apache License
public void contextInitialized(ServletContextEvent contextEvent) { ServletContext context = contextEvent.getServletContext(); Map<String, String> configParams = new HashMap<String, String>(); Enumeration<String> paramNames = context.getInitParameterNames(); while (paramNames.hasMoreElements()) { String name = paramNames.nextElement(); configParams.put(name, context.getInitParameter(name)); }/*from w w w.j a va2s. c o m*/ AbstractModule configModule; try { Constructor<?> ctor = Class.forName(context.getInitParameter("config-module")) .getConstructor(Map.class); configModule = (AbstractModule) ctor.newInstance(configParams); } catch (InstantiationException | IllegalAccessException | ClassNotFoundException | NoSuchMethodException | SecurityException | IllegalArgumentException | InvocationTargetException e) { throw new RuntimeException(e); } Injector injector = Guice.createInjector(configModule); context.setAttribute("intake24.injector", injector); WebEnvironment shiroEnvironment = (WebEnvironment) context .getAttribute(EnvironmentLoader.ENVIRONMENT_ATTRIBUTE_KEY); RealmSecurityManager securityManager = (RealmSecurityManager) shiroEnvironment.getSecurityManager(); ScranAuthRealm securityRealm = new ScranAuthRealm(injector.getInstance(DataStore.class)); HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher(); credentialsMatcher.setHashAlgorithmName(Sha256Hash.ALGORITHM_NAME); credentialsMatcher.setStoredCredentialsHexEncoded(false); credentialsMatcher.setHashIterations(1024); securityRealm.setCredentialsMatcher(credentialsMatcher); securityManager.setRealm(securityRealm); }
From source file:no.priv.bang.ukelonn.web.security.dbrealm.UkelonnRealm.java
License:Apache License
@Activate public void activate() { HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher(); credentialsMatcher.setHashAlgorithmName("SHA-256"); credentialsMatcher.setStoredCredentialsHexEncoded(false); // base64 encoding, not hex credentialsMatcher.setHashIterations(1024); setCredentialsMatcher(credentialsMatcher); }