Example usage for org.apache.shiro.crypto.hash.format Shiro1CryptFormat Shiro1CryptFormat

List of usage examples for org.apache.shiro.crypto.hash.format Shiro1CryptFormat Shiro1CryptFormat

  1. HOME
  2. Java
  3. org.apache.shiro
  4. org.apache.shiro.crypto.hash.format.*
  5. Shiro1CryptFormat
  6. Shiro1CryptFormat

Introduction

In this page you can find the example usage for org.apache.shiro.crypto.hash.format Shiro1CryptFormat Shiro1CryptFormat.

Prototype

public Shiro1CryptFormat()

Source Link

Usage

From source file:annis.security.ANNISUserRealm.java

License:Apache License

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    Validate.isInstanceOf(String.class, token.getPrincipal());

    String userName = (String) token.getPrincipal();
    if (userName.equals(anonymousUser)) {
        // for anonymous users the user name equals the Password, so hash the user name
        Sha256Hash hash = new Sha256Hash(userName);
        return new SimpleAuthenticationInfo(userName, hash.getBytes(), ANNISUserRealm.class.getName());
    }/*from ww  w.  java 2s. c  o  m*/

    User user = confManager.getUser(userName);
    if (user != null) {
        String passwordHash = user.getPasswordHash();
        if (passwordHash != null) {
            if (passwordHash.startsWith("$")) {
                Shiro1CryptFormat fmt = new Shiro1CryptFormat();
                Hash hashCredentials = fmt.parse(passwordHash);
                if (hashCredentials instanceof SimpleHash) {
                    SimpleHash simpleHash = (SimpleHash) hashCredentials;

                    Validate.isTrue(simpleHash.getIterations() == 1,
                            "Hash iteration count must be 1 for every password hash!");

                    // actually set the information from the user file
                    SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(userName,
                            simpleHash.getBytes(), ANNISUserRealm.class.getName());
                    info.setCredentialsSalt(new SerializableByteSource(simpleHash.getSalt()));
                    return info;
                }
            } else {
                // fallback unsalted hex hash
                SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(token.getPrincipal(), passwordHash,
                        ANNISUserRealm.class.getName());
                return info;
            }

        }
    }
    return null;
}

From source file:annis.service.internal.AdminServiceImpl.java

License:Apache License

@POST
@Path("users/{userName}/password")
@Consumes("text/plain")
@Produces("application/xml")
public Response changePassword(String newPassword, @PathParam("userName") String userName) {
    Subject requestingUser = SecurityUtils.getSubject();
    requestingUser.checkPermission("admin:write:user");

    ANNISUserConfigurationManager confManager = getConfManager();
    ANNISUserRealm userRealm = getUserRealm();
    if (confManager != null && userRealm != null) {
        User user = confManager.getUser(userName);
        if (user == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }//w ww.j  a  v  a2  s  .c  om

        Shiro1CryptFormat format = new Shiro1CryptFormat();

        SecureRandomNumberGenerator generator = new SecureRandomNumberGenerator();
        ByteSource salt = generator.nextBytes(128 / 8); // 128 bit

        Sha256Hash hash = new Sha256Hash(newPassword, salt, 1);
        user.setPasswordHash(format.format(hash));

        if (userRealm.updateUser(user)) {
            return Response.ok().entity(user).build();
        }
    }

    return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Could not change password").build();
}

From source file:com.masslink.idea.zigbee.shiro.UserPasswordService.java

License:Apache License

public UserPasswordService() {
    this.hashFormatWarned = false;
    DefaultHashService defaultHashService = new DefaultHashService();
    defaultHashService.setHashAlgorithmName(ALGORITHM);
    defaultHashService.setHashIterations(ITERATIONS);
    defaultHashService.setGeneratePublicSalt(true); //always want generated salts for user passwords to be most secure
    defaultHashService.setPrivateSalt(new SimpleByteSource(SALT));
    this.hashService = defaultHashService;
    this.hashFormat = new Shiro1CryptFormat();
    this.hashFormatFactory = new DefaultHashFormatFactory();
}

From source file:org.hawk.service.server.users.servlet.shiro.UsersRealm.java

License:Open Source License

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (token instanceof UsernamePasswordToken) {
        final UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        final String username = upToken.getUsername();

        final UserStorage storage = UsersPlugin.getInstance().getStorage();
        final DB db = storage.getTxMaker().makeTx();
        try {/*from ww  w.  j a v  a 2s. co m*/
            final User user = storage.getUserMap(db).get(username);
            if (user == null) {
                return null;
            }
            Hash hash = new Shiro1CryptFormat().parse(user.getHashedPassword());
            return new UserInfo(user.getUsername(), hash);
        } finally {
            db.close();
        }
    }
    return null;
}