List of usage examples for org.apache.shiro.crypto.hash Sha256Hash Sha256Hash
public Sha256Hash(Object source, Object salt, int hashIterations)
From source file:annis.service.internal.AdminServiceImpl.java
License:Apache License
@POST @Path("users/{userName}/password") @Consumes("text/plain") @Produces("application/xml") public Response changePassword(String newPassword, @PathParam("userName") String userName) { Subject requestingUser = SecurityUtils.getSubject(); requestingUser.checkPermission("admin:write:user"); ANNISUserConfigurationManager confManager = getConfManager(); ANNISUserRealm userRealm = getUserRealm(); if (confManager != null && userRealm != null) { User user = confManager.getUser(userName); if (user == null) { return Response.status(Response.Status.NOT_FOUND).build(); }//from w w w . j av a2 s . c om Shiro1CryptFormat format = new Shiro1CryptFormat(); SecureRandomNumberGenerator generator = new SecureRandomNumberGenerator(); ByteSource salt = generator.nextBytes(128 / 8); // 128 bit Sha256Hash hash = new Sha256Hash(newPassword, salt, 1); user.setPasswordHash(format.format(hash)); if (userRealm.updateUser(user)) { return Response.ok().entity(user).build(); } } return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Could not change password").build(); }
From source file:com.atsamour.habitatweave.controller.RegisterServlet.java
License:Open Source License
private void generatePassword(User user, String plainTextPassword) { RandomNumberGenerator rng = new SecureRandomNumberGenerator(); Object salt = rng.nextBytes(); // Now hash the plain-text password with the random salt and multiple // iterations and then Base64-encode the value (requires less space than Hex): String hashedPasswordBase64 = new Sha256Hash(plainTextPassword, salt, 1024).toBase64(); user.setPassword(hashedPasswordBase64); user.setSalt(salt.toString());//from w ww . j a v a 2 s. c o m }
From source file:com.bridge.utils.SecurityUtils.java
public static String[] digest(String password) { RandomNumberGenerator generator = new SecureRandomNumberGenerator(); String salt = generator.nextBytes(32).toBase64(); password = new Sha256Hash(password, salt, 1024).toBase64(); return new String[] { password, salt }; }
From source file:com.mycompany.shirofaces.SHA256.java
public static void main(String args[]) { RandomNumberGenerator rng = new SecureRandomNumberGenerator(); Object salt = rng.nextBytes(); String hashedPasswordBase64 = new Sha256Hash("juancho18", salt, 1024).toBase64(); Sha256Hash sha256Hash = new Sha256Hash("juancho18"); System.out.println("Clave sin salt: " + sha256Hash.toHex()); System.out.println("Clave con salt : " + hashedPasswordBase64); DefaultHashService hashService = new DefaultHashService(); hashService.setHashIterations(50000); // 500000 hashService.setHashAlgorithmName(Sha256Hash.ALGORITHM_NAME); hashService.setPrivateSalt(new SimpleByteSource("jumarome")); hashService.setGeneratePublicSalt(true); DefaultPasswordService passwordService = new DefaultPasswordService(); passwordService.setHashService(hashService); String salte = hashService.getPrivateSalt().toBase64(); String claveMaldita = passwordService.encryptPassword("unaep"); System.out.println("Miraaa: " + claveMaldita); System.out.println("private salt= " + salte); }
From source file:com.openqc.facades.UserFacade.java
/** * Attention: Username = Email //from w w w.j a v a2 s.c o m * @todo : changer ce comportement! * @param email * @param username * @param password * @return */ @Override public User register(String email, String username, String password) { User user = new User(); RandomNumberGenerator rng = new SecureRandomNumberGenerator(); Object salt = rng.nextBytes(); String hashedPasswordBase64 = new Sha256Hash(password, salt, 1024).toBase64(); user.setPassword(hashedPasswordBase64); user.setSalt(salt.toString()); user.setEmail(username); user.setUsername(username); em.persist(user); em.flush(); return user; }
From source file:com.streamreduce.util.SecurityUtil.java
License:Apache License
public static String issueRandomAPIToken() { // we need to see our tokens with a random value so the same one isn't generated // for the same user each time. RandomNumberGenerator rng = new SecureRandomNumberGenerator(); Object randomNumber = rng.nextBytes(); // we also use a user agent as a validation factor // so when we later validate the token, we also validate the user agent String secret = generateRandomString(); String salt = secret.concat(randomNumber.toString()); return new Sha256Hash(secret, salt, 1024).toBase64(); }
From source file:com.tensorwrench.shiro.realm.MongoUserPasswordRealm.java
License:Apache License
/** * Creates a user credential suitable for use with this realm. Intended for * creating the credentials to be inserted into the collection for later use. * /*from ww w.ja v a2 s .c om*/ */ public DBObject createUserCredentials(String username, String plainTextPassword) { ByteSource salt = rng.nextBytes(); BasicDBObject obj = new BasicDBObject(); obj.put("name", username); obj.put("password", new Sha256Hash(plainTextPassword, salt, hashIterations).toBase64()); obj.put("salt", salt.toBase64()); obj.put("algorithm", Sha256Hash.ALGORITHM_NAME); obj.put("hashIterations", hashIterations); return obj; }
From source file:controllers.UserApp.java
License:Apache License
/** * @param plainTextPassword plain text// ww w. j a va 2 s. c om * @param passwordSalt hash salt * @return hashed password */ public static String hashedPassword(String plainTextPassword, String passwordSalt) { if (plainTextPassword == null || passwordSalt == null) { throw new IllegalArgumentException("Bad password or passwordSalt!"); } return new Sha256Hash(plainTextPassword, ByteSource.Util.bytes(passwordSalt), HASH_ITERATIONS).toBase64(); }
From source file:demo.learn.shiro.pojo.User.java
License:Apache License
/** * Constructor./*w w w.ja v a2 s . c om*/ * @param username Username. * @param password Password. */ public User(String username, String password) { this.passwordSalt = S.RNG.nextBytes(); this.username = username; this.password = new Sha256Hash(password, this.passwordSalt, S.HASH_ITER).toBase64(); }
From source file:demo.learn.shiro.pojo.UserTest.java
License:Apache License
/** * Tests basic salting.// w w w . j a va 2s .co m */ @Test public void testBasicSalting() { try { String username = "root"; String plainTextPassword = "root"; RandomNumberGenerator rng = new SecureRandomNumberGenerator(); UsernamePasswordToken token = new UsernamePasswordToken(username, plainTextPassword); ByteSource salt = rng.nextBytes(); String hashedPasswordBase64 = new Sha256Hash(plainTextPassword, salt, 1024).toBase64(); SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, hashedPasswordBase64, salt, "learn.shiro"); HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(); matcher.setHashIterations(1024); matcher.setStoredCredentialsHexEncoded(false); matcher.setHashAlgorithmName("SHA-256"); boolean result = matcher.doCredentialsMatch(token, info); Assert.assertEquals(true, result); } catch (Exception ex) { ex.printStackTrace(); Assert.assertEquals(ex.getMessage(), false, true); } }