You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Phil Steitz (JIRA)" <ji...@apache.org> on 2011/06/29 01:52:28 UTC
[jira] [Commented] (SHIRO-277) JdbcRealm needs to be refactored
[ https://issues.apache.org/jira/browse/SHIRO-277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13056897#comment-13056897 ]
Phil Steitz commented on SHIRO-277:
-----------------------------------
I am working on a patch for this and have a couple of questions.
First, the API for adding salt support. Here is one way to do it:
Add
protected byte[] getSaltForUser(String username)
and have the default implementation query the database using
protected String userSaltQuery = DEFAULT_USER_SALT_QUERY;
Exposing getSaltForUser enables users to override it with whatever salt-generation scheme they choose.
Sound OK?
Second, I noticed that there are no tests for JdbcRealm. In developing a test class, we need to decide how to create or simulate the realm database. Here are some options:
0) I see EasyMock is already used elsewhere, but that might be a little ugly / hard to follow.
1) derby
2) hsqldb
3) grab DBCP's Tester* classes
4) something else?
I would personally favor 1) or 2) but will use EasyMock (or whatever else) if we don't want to add any more test dependencies.
> JdbcRealm needs to be refactored
> --------------------------------
>
> Key: SHIRO-277
> URL: https://issues.apache.org/jira/browse/SHIRO-277
> Project: Shiro
> Issue Type: Improvement
> Components: Realms
> Affects Versions: 1.1.0
> Reporter: Ilya Pyatigorskiy
> Fix For: 1.2.0
>
>
> There are at least 2 obvious problems:
> 1) the javadoc for JdbcRealm.setPermissionsQuery suggests that the query is expected to have 3 columns ("containing the fully qualified name of the permission class, the permission name, and the permission actions (in that order)"), but the code actually looks only for 1 - permission actions on index 0
> 2) it doesn't support salt - checks only for password matching
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira