Posted to dev@shiro.apache.org by "Phil Steitz (JIRA)" <ji...@apache.org> on 2011/06/29 01:52:28 UTC

[jira] [Commented] (SHIRO-277) JdbcRealm needs to be refactored

    [ https://issues.apache.org/jira/browse/SHIRO-277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13056897#comment-13056897 ] 

Phil Steitz commented on SHIRO-277:
-----------------------------------

I am working on a patch for this and have a couple of questions.

First, the API for adding salt support.  Here is one way to do it:

Add
    protected byte[] getSaltForUser(String username)
and have the default implementation query the database using
    protected String userSaltQuery = DEFAULT_USER_SALT_QUERY;
Exposing getSaltForUser enables users to override it with whatever salt-generation scheme they choose.

Sound OK?

Second, I noticed that there are no tests for JdbcRealm.  In developing a test class, we need to decide how to create or simulate the realm database.  Here are some options:

0) I see EasyMock is already used elsewhere, but that might be a little ugly / hard to follow.

1) derby

2) hsqldb

3) grab DBCP's Tester* classes 

4) something else?

I would personally favor 1) or 2)  but will use EasyMock (or whatever else) if we don't want to add any more test dependencies.






> JdbcRealm needs to be refactored
> --------------------------------
>
>                 Key: SHIRO-277
>                 URL: https://issues.apache.org/jira/browse/SHIRO-277
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Realms 
>    Affects Versions: 1.1.0
>            Reporter: Ilya Pyatigorskiy
>             Fix For: 1.2.0
>
>
> There are at least 2 obvious problems:
> 1) the javadoc for JdbcRealm.setPermissionsQuery suggests that the query is expected to have 3 columns ("containing the fully qualified name of the permission class, the permission name, and the permission actions (in that order)"), but the code actually looks only for 1 - permission actions on index 0
> 2) it doesn't support salt - checks only for password matching

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
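
Added example, not part of the original message and not Shiro code: a sketch of how the proposed getSaltForUser hook would feed a salted password check. The class name SaltedRealmSketch, the in-memory map standing in for the realm database, and the choice of PBKDF2 with 100,000 iterations are assumptions of this example.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical sketch; not Shiro's JdbcRealm.
public class SaltedRealmSketch {
    // Constructed in-memory stand-in for the users table: name -> {salt, hash}.
    private final Map<String, byte[][]> users = new HashMap<>();

    // Hook from the proposal. This default reads the stored salt (a JDBC realm
    // would run its salt query here); subclasses may override the lookup.
    protected byte[] getSaltForUser(String username) {
        byte[][] row = users.get(username);
        return row == null ? null : row[0];
    }

    // PBKDF2 is this example's choice of hash; the page does not name one.
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    public void addUser(String username, char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt per user
        users.put(username, new byte[][] {salt, hash(password, salt)});
    }

    public boolean authenticate(String username, char[] password) throws Exception {
        byte[][] row = users.get(username);
        byte[] salt = getSaltForUser(username);
        if (row == null || salt == null) return false; // unknown user or no salt
        // Constant-time comparison of stored and recomputed hashes.
        return MessageDigest.isEqual(row[1], hash(password, salt));
    }

    public static void main(String[] args) throws Exception {
        SaltedRealmSketch realm = new SaltedRealmSketch();
        realm.addUser("alice", "s3cret".toCharArray());
        realm.addUser("bob", "s3cret".toCharArray());
        System.out.println("correct password: " + realm.authenticate("alice", "s3cret".toCharArray()));
        System.out.println("wrong password: " + realm.authenticate("alice", "wrong".toCharArray()));
        System.out.println("same password, same hash: " + Arrays.equals(realm.users.get("alice")[1], realm.users.get("bob")[1]));
    }
}
```

A subclass that overrides getSaltForUser must also store hashes computed with the salt it returns, otherwise authenticate will reject every login.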