You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Laci <fo...@freemail.hu> on 2012/05/24 12:00:20 UTC
JdbcRealm with Salt
Hi,
I would like to use org.apache.shiro.realm.jdbc.JdbcRealm. How can I
configure the saltStyle property of this realm?
My shiro.ini file:
[main]
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.saltStyle = ?
Is it possible to configure saltStyle somehow in shiro.ini file?
Thanks in advance.
Laci
--
View this message in context: http://shiro-user.582556.n2.nabble.com/JdbcRealm-with-Salt-tp7574859.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: JdbcRealm with Salt
Posted by Laci <fo...@freemail.hu>.
Hi Les Hazlewood,
Thanks for your help!
Bye,
Laci
--
View this message in context: http://shiro-user.582556.n2.nabble.com/JdbcRealm-with-Salt-tp7574859p7576485.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: JdbcRealm with Salt
Posted by Les Hazlewood <lh...@apache.org>.
P.S. That same GitHub sample project uses a JDBC Realm w/
PasswordMatcher config. It should be a good reference for your use
case.
Main project:
https://github.com/lhazlewood/simple-shiro-web-app/
The Shiro INI config w/ a JDBC realm and PasswordMatcher config:
https://github.com/lhazlewood/simple-shiro-web-app/blob/master/src/main/webapp/WEB-INF/shiro.ini
Cheers,
--
Les Hazlewood
CTO, Stormpath | http://stormpath.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
blog: http://leshazlewood.com
stormpath blog: http://www.stormpath.com/blog
On Thu, May 24, 2012 at 9:38 AM, Les Hazlewood <lh...@apache.org> wrote:
> Hi Laci,
>
> Unless you're trying to configure this for legacy data, you probably
> don't want to do this - your JDBC Realm should probably be using a
> PasswordMatcher, which deals with salts internally:
>
> Read this: http://www.stormpath.com/blog/whats-new-apache-shiro-12
>
> The 'Password Service', 'Password Matcher' and 'Realm configuration' sections.
>
> Note however that we found a bug in 1.2 with the how the
> PasswordMatcher works with the JDBC Realm. A fix has already been
> checked in to subversion, so if you need it, you can use the Shiro
> 1.3.0-SNAPSHOT or 1.2.1-SNAPSHOT .jars. If you don't want to use
> them, you can copy and paste the following fix and use it in your
> project directly:
>
> https://github.com/lhazlewood/simple-shiro-web-app/blob/master/src/main/java/org/apache/shiro/authc/credential/TempFixPasswordMatcher.java
>
> HTH,
>
> --
> Les Hazlewood
> CTO, Stormpath | http://stormpath.com | 888.391.5282
> twitter: @lhazlewood | http://twitter.com/lhazlewood
> blog: http://leshazlewood.com
> stormpath blog: http://www.stormpath.com/blog
>
>
> On Thu, May 24, 2012 at 3:00 AM, Laci <fo...@freemail.hu> wrote:
>> Hi,
>>
>> I would like to use org.apache.shiro.realm.jdbc.JdbcRealm. How can I
>> configure the saltStyle property of this realm?
>>
>> My shiro.ini file:
>>
>> [main]
>> jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
>> jdbcRealm.permissionsLookupEnabled = true
>> jdbcRealm.saltStyle = ?
>>
>> Is it possible to configure saltStyle somehow in shiro.ini file?
>> Thanks in advance.
>>
>> Laci
>>
>> --
>> View this message in context: http://shiro-user.582556.n2.nabble.com/JdbcRealm-with-Salt-tp7574859.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
Re: JdbcRealm with Salt
Posted by Les Hazlewood <lh...@apache.org>.
Hi Laci,
Unless you're trying to configure this for legacy data, you probably
don't want to do this - your JDBC Realm should probably be using a
PasswordMatcher, which deals with salts internally:
Read this: http://www.stormpath.com/blog/whats-new-apache-shiro-12
The 'Password Service', 'Password Matcher' and 'Realm configuration' sections.
Note however that we found a bug in 1.2 with the how the
PasswordMatcher works with the JDBC Realm. A fix has already been
checked in to subversion, so if you need it, you can use the Shiro
1.3.0-SNAPSHOT or 1.2.1-SNAPSHOT .jars. If you don't want to use
them, you can copy and paste the following fix and use it in your
project directly:
https://github.com/lhazlewood/simple-shiro-web-app/blob/master/src/main/java/org/apache/shiro/authc/credential/TempFixPasswordMatcher.java
HTH,
--
Les Hazlewood
CTO, Stormpath | http://stormpath.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
blog: http://leshazlewood.com
stormpath blog: http://www.stormpath.com/blog
On Thu, May 24, 2012 at 3:00 AM, Laci <fo...@freemail.hu> wrote:
> Hi,
>
> I would like to use org.apache.shiro.realm.jdbc.JdbcRealm. How can I
> configure the saltStyle property of this realm?
>
> My shiro.ini file:
>
> [main]
> jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
> jdbcRealm.permissionsLookupEnabled = true
> jdbcRealm.saltStyle = ?
>
> Is it possible to configure saltStyle somehow in shiro.ini file?
> Thanks in advance.
>
> Laci
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/JdbcRealm-with-Salt-tp7574859.html
> Sent from the Shiro User mailing list archive at Nabble.com.