You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by Stephen Russett <st...@digitalstate.ca> on 2020/04/18 19:37:23 UTC
DefaultPasswordService hashPassword() method would benefit from
javadoc clarification text
Hi
When using DefaultPasswordService there is a clarification that may be
helpful in the javadocs:
Consider that DefaultPasswordService is a HashingPasswordService.
HashingPasswordService has text:
https://github.com/apache/shiro/blob/master/core/src/main/java/org/apache/shiro/authc/credential/HashingPasswordService.java#L51-L57
that
says that anything passed to the hashPassword() method should be ByteSource.
The HashingPasswordService method is written as "Hash hashPassword(Object
plaintext)”
But in DefaultPasswordService the hashPassword() method which uses the same
“Object plaintext” argument contains helper code within the hashPassword
implementation that converts to ByteSource:
https://github.com/apache/shiro/blob/master/core/src/main/java/org/apache/shiro/authc/credential/DefaultPasswordService.java#L76
So when using DefaultPasswordService, it would seem you don't need to
convert to ByteSource, as the DefaultPasswordService’s hashPassword method
will do this for you. The problem is evident when using IDEs that inherit
the javadocs froms the Interface to provide javadoc descriptions for the
method.
Regards