List of usage examples for org.apache.shiro.crypto.hash SimpleHash getSalt
public ByteSource getSalt()
From source file:annis.security.ANNISUserRealm.java
License:Apache License
@Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { Validate.isInstanceOf(String.class, token.getPrincipal()); String userName = (String) token.getPrincipal(); if (userName.equals(anonymousUser)) { // for anonymous users the user name equals the Password, so hash the user name Sha256Hash hash = new Sha256Hash(userName); return new SimpleAuthenticationInfo(userName, hash.getBytes(), ANNISUserRealm.class.getName()); }//from w ww .j a v a2s . c o m User user = confManager.getUser(userName); if (user != null) { String passwordHash = user.getPasswordHash(); if (passwordHash != null) { if (passwordHash.startsWith("$")) { Shiro1CryptFormat fmt = new Shiro1CryptFormat(); Hash hashCredentials = fmt.parse(passwordHash); if (hashCredentials instanceof SimpleHash) { SimpleHash simpleHash = (SimpleHash) hashCredentials; Validate.isTrue(simpleHash.getIterations() == 1, "Hash iteration count must be 1 for every password hash!"); // actually set the information from the user file SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(userName, simpleHash.getBytes(), ANNISUserRealm.class.getName()); info.setCredentialsSalt(new SerializableByteSource(simpleHash.getSalt())); return info; } } else { // fallback unsalted hex hash SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(token.getPrincipal(), passwordHash, ANNISUserRealm.class.getName()); return info; } } } return null; }