You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Les Hazlewood (JIRA)" <ji...@apache.org> on 2010/06/16 04:52:22 UTC

[jira] Created: (SHIRO-176) AuthenticationInfo instances should be able to return stored salt

AuthenticationInfo instances should be able to return stored salt
-----------------------------------------------------------------

                 Key: SHIRO-176
                 URL: https://issues.apache.org/jira/browse/SHIRO-176
             Project: Shiro
          Issue Type: Improvement
    Affects Versions: 0.9-RC1, 0.9, 1.0.0, 1.0.1
            Reporter: Les Hazlewood
             Fix For: 1.1.0


When comparing credentials hashed with a salt, the salt value should be easily accessible from the AuthenticationInfo instance.  Perhaps a new SaltedAuthenticationInfo interface should be introduced (and have the UsernamePasswordToken implement this interface) in order to easily acquire a salt.

Currently the HashedCredentialsMatcher attempts to acquire the salt from the AuthenticationToken.  However, the large majority of the time, the salt will be stored with the AuthenticationInfo and it should be possible to acquire it from that.

After adding the new interface, the HashedCredentialsMatcher will need a new method: getStoredCredentials(token, authcInfo) or something similar.  The default implementation can simply call the existing getCredentials(token) method by default to retain current behavior.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (SHIRO-176) AuthenticationInfo instances should be able to return stored salt

Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SHIRO-176?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kalle Korhonen resolved SHIRO-176.
----------------------------------

    Resolution: Duplicate

> AuthenticationInfo instances should be able to return stored salt
> -----------------------------------------------------------------
>
>                 Key: SHIRO-176
>                 URL: https://issues.apache.org/jira/browse/SHIRO-176
>             Project: Shiro
>          Issue Type: Improvement
>    Affects Versions: 0.9-RC1, 0.9, 1.0.0, 1.0.1
>            Reporter: Les Hazlewood
>             Fix For: 1.1.0
>
>
> When comparing credentials hashed with a salt, the salt value should be easily accessible from the AuthenticationInfo instance.  Perhaps a new SaltedAuthenticationInfo interface should be introduced (and have the UsernamePasswordToken implement this interface) in order to easily acquire a salt.
> Currently the HashedCredentialsMatcher attempts to acquire the salt from the AuthenticationToken.  However, the large majority of the time, the salt will be stored with the AuthenticationInfo and it should be possible to acquire it from that.
> After adding the new interface, the HashedCredentialsMatcher will need a new method: getStoredCredentials(token, authcInfo) or something similar.  The default implementation can simply call the existing getCredentials(token) method by default to retain current behavior.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.