Example usage for org.apache.shiro.crypto SecureRandomNumberGenerator nextBytes

List of usage examples for org.apache.shiro.crypto SecureRandomNumberGenerator nextBytes

  1. HOME
  2. Java
  3. org.apache.shiro
  4. org.apache.shiro.crypto.*
  5. SecureRandomNumberGenerator
  6. nextBytes

Introduction

In this page you can find the example usage for org.apache.shiro.crypto SecureRandomNumberGenerator nextBytes.

Prototype

public ByteSource nextBytes(int numBytes)

Source Link

Usage

From source file:annis.service.internal.AdminServiceImpl.java

License:Apache License

@POST
@Path("users/{userName}/password")
@Consumes("text/plain")
@Produces("application/xml")
public Response changePassword(String newPassword, @PathParam("userName") String userName) {
    Subject requestingUser = SecurityUtils.getSubject();
    requestingUser.checkPermission("admin:write:user");

    ANNISUserConfigurationManager confManager = getConfManager();
    ANNISUserRealm userRealm = getUserRealm();
    if (confManager != null && userRealm != null) {
        User user = confManager.getUser(userName);
        if (user == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }//from  ww  w .  j ava 2s  .c om

        Shiro1CryptFormat format = new Shiro1CryptFormat();

        SecureRandomNumberGenerator generator = new SecureRandomNumberGenerator();
        ByteSource salt = generator.nextBytes(128 / 8); // 128 bit

        Sha256Hash hash = new Sha256Hash(newPassword, salt, 1);
        user.setPasswordHash(format.format(hash));

        if (userRealm.updateUser(user)) {
            return Response.ok().entity(user).build();
        }
    }

    return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Could not change password").build();
}

From source file:com.azaptree.services.security.domain.config.impl.HashServiceConfig.java

License:Apache License

public HashServiceConfig(final String name) {
    Assert.hasText(name, "name is required");
    this.name = name;
    hashAlgorithmName = "SHA-256";
    final SecureRandomNumberGenerator rng = new SecureRandomNumberGenerator();
    privateSalt = rng.nextBytes(32).getBytes();
    hashIterations = 1024 * 128;//  w w w  .ja v a 2s  .  c om
    secureRandomNumberGeneratorNextBytesSize = 32;
    validate();
}

From source file:com.meltmedia.cadmium.cli.AuthCommand.java

License:Apache License

/**
 * Hashes a password the shiro way.//w  ww  .  j  a  v  a2  s.  com
 * @return
 */
private String hashPasswordForShiro() {
    //Hash password
    HashFormatFactory HASH_FORMAT_FACTORY = new DefaultHashFormatFactory();
    SecureRandomNumberGenerator generator = new SecureRandomNumberGenerator();
    int byteSize = 128 / 8;
    ByteSource salt = generator.nextBytes(byteSize);

    SimpleHash hash = new SimpleHash("SHA-256", password, salt, 10);

    HashFormat format = HASH_FORMAT_FACTORY.getInstance("shiro1");
    return format.format(hash);
}

From source file:test.com.azaptree.services.security.config.HashServiceConfigTest.java

License:Apache License

@Test
public void testHashService() {
    final SecureRandomNumberGenerator rng = new SecureRandomNumberGenerator();
    final byte[] privateSalt = rng.nextBytes(32).getBytes();
    final int hashIterations = 1024 * 128;
    final String algo = "SHA-256";
    final int nextBytesSize = 32;
    final HashServiceConfig config1 = new HashServiceConfig("testHash", privateSalt, hashIterations, algo,
            nextBytesSize);//  w w w .  j a v a 2s.c om
    log.info("hashConfig: {}", config1);
    final HashService hashService1 = config1.getHashService();
    final HashService hashService2 = config1.getHashService();

    final HashRequest req1 = new HashRequest.Builder().setSource("password").build();
    final Hash hash1 = hashService1.computeHash(req1);

    final HashRequest req2 = new HashRequest.Builder().setSource("password").setSalt(hash1.getSalt()).build();
    final Hash hash2 = hashService2.computeHash(req2);

    Assert.assertEquals(hash2.toBase64(), hash1.toBase64());
}