You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by mixtou <mi...@gmail.com> on 2018/08/02 07:24:01 UTC
Shiro Configuration
I would like to ask if someone could post an example of SHiro configuration
implementing Hashed Passwords Authentication without extending/implementing
any custom Realm or SaltedAuthentificationInfo??
Is this possible? I haven't found any complete example. In my Project i have
a mysql database and i would like to implement authentication using Hashed
Passwords Saved in database.
My shiro.ini is the following:
[main]
ds = com.mysql.cj.jdbc.MysqlDataSource
ds.serverName = 127.0.0.1
ds.port = 3306
ds.user = histopathUser
ds.password = h1s+0p@+h
ds.databaseName = histopath.gr
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.dataSource = $ds
jdbcRealm.authenticationQuery = "SELECT password, salt FROM User WHERE email
= ? AND activated = 0"
jdbcRealm.userRolesQuery = "SELECT roleName FROM UserRole WHERE email = ?"
# jdbcRealm.permissionsQuery = "SELECT permission FROM RolesPermissions
WHERE roleName = ?"
authc.usernameParam = email
authc.passwordParam = password
authc.failureKeyAttribute = shiroLoginFailure
hashService = org.apache.shiro.crypto.hash.DefaultHashService
hashService.hashIterations = 1024
hashService.hashAlgorithmName = SHA-256
hashService.generatePublicSalt = false
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
passwordService.hashService = $hashService
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
jdbcRealm.credentialsMatcher = $passwordMatcher
# credentialsMatcher =
org.apache.shiro.authc.credential.Sha256CredentialsMatcher
# credentialsMatcher =
org.apache.shiro.authc.credential.HashedCredentialsMatcher
# credentialsMatcher.hashAlgorithmName = SHA-256
# credentialsMatcher.hashIterations = 1024
# credentialsMatcher.storedCredentialsHexEncoded = false
# jdbcRealm.credentialsMatcher = $credentialsMatcher
jdbcRealm.permissionsLookupEnabled = false
shiro.loginUrl = /authentication/login
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.sessionIdCookieEnabled = false
# ssl.enabled = false
securityManager.realms = $jdbcRealm
[users]
[roles]
[urls]
/authentication/login = authc
/authentication/logout = logout
/doctors/* = authc
/users/new = anon
/users/details/* = anon
/users/* = authc
/* = anon
My Authentication Login Function is:
@POST
@Path("login")
@Produces(MediaType.TEXT_PLAIN)
public boolean login(Authentication authData) {
System.out.println("Param email: " + authData.getEmail());
System.out.println("Param password: " + authData.getPassword());
if (!subject.isAuthenticated()) {
UsernamePasswordToken token = new
UsernamePasswordToken(authData.getEmail(), authData.getPassword());
try {
System.out.println("Trying to authenticate with token");
subject.login(token);
System.out.println("User [" +
subject.getPrincipal().toString() + "] logged in successfully.");
return true;
} catch (UnknownAccountException uae) {
log.error("Username Not Found!", uae);
System.out.println("Username Not Found!");
uae.printStackTrace();
} catch (IncorrectCredentialsException ice) {
log.error("Invalid Credentials!", ice);
System.out.println("Invalid Credentials!");
ice.printStackTrace();
} catch (LockedAccountException lae) {
log.error("Your Account is Locked!", lae);
System.out.println("Your Account is Locked!");
lae.printStackTrace();
} catch (AuthenticationException ae) {
log.error("Unexpected Error!", ae);
System.err.println("Unexpected Error!");
ae.printStackTrace();
} catch (Exception ex) {
System.out.println(ex.getMessage());
ex.printStackTrace();
}
} else {
return true;
}
return false;
}
My Registration Function:
@POST
@Path("new")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public String create(User requestBody) {
System.err.println("NEW User");
// System.out.println("WTF ==== " + requestBody.getBirthday());
// System.out.println("lalala: " + requestBody.getPermition());
User user = new User();
user.setFirstName(requestBody.getFirstName());
user.setLastName(requestBody.getLastName());
user.setEmail(requestBody.getEmail());
// user.setPassword(requestBody.getPassword());
// Do Something With Salt Per User Random Generation or
Something like it
//================================================================================================================
RandomNumberGenerator rng = new SecureRandomNumberGenerator();
String salt = rng.nextBytes().toBase64();
String hashedPasswordBase64 = new
Sha256Hash(requestBody.getPassword(), salt, 1024).toBase64();
user.setSalt(salt);
user.setPassword(hashedPasswordBase64);
user.setActivated(false);
boolean result = userDAO.persist(user);
userDAO.closeEntityManager();
if (result) {
return ReturnResults.results(new ArrayList<User>(asList(user)));
}
return "{}";
}
However in login function in subject.login(token) i gets error:
Unexpected Error!
org.apache.shiro.authc.AuthenticationException: There was a SQL error while
authenticating user [lala@gmail.com]
at
org.apache.shiro.realm.jdbc.JdbcRealm.doGetAuthenticationInfo(JdbcRealm.java:260)
at
org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:571)
at
org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
at
org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
at
org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
at
org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
at
org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:274)
at
org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260)
at
gr.histopath.platform.controllers.authentication.AuthenticationController.login(AuthenticationController.java:45)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at
org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191)
at
org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:243)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:103)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:493)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:415)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:104)
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:277)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:272)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:268)
at org.glassfish.jersey.internal.Errors.process(Errors.java:316)
at org.glassfish.jersey.internal.Errors.process(Errors.java:298)
at org.glassfish.jersey.internal.Errors.process(Errors.java:268)
at
org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:289)
at
org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:256)
at
org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:703)
at
org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:416)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:370)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:389)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:342)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:229)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
at
org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at
org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at
org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at
org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at
org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at
org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at
org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at
org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
at
org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:764)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1388)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.sql.SQLException: Parameter index out of range (1 > number
of parameters, which is 0).
at
com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:545)
at
com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:513)
at
com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:505)
at
com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:479)
at
com.mysql.cj.jdbc.PreparedStatement.checkBounds(PreparedStatement.java:3246)
at
com.mysql.cj.jdbc.PreparedStatement.setInternal(PreparedStatement.java:3230)
at
com.mysql.cj.jdbc.PreparedStatement.setString(PreparedStatement.java:4025)
at
org.apache.shiro.realm.jdbc.JdbcRealm.getPasswordForUser(JdbcRealm.java:287)
at
org.apache.shiro.realm.jdbc.JdbcRealm.doGetAuthenticationInfo(JdbcRealm.java:227)
... 70 more
What am i doing wrong??? Please Help
Is it possible to setup hashed passwords authentication in shiro without
implementing custom classes of Realm and SaltedAuthentificationInfo??
--
Sent from: http://shiro-user.582556.n2.nabble.com/
Re: Shiro Configuration
Posted by philip <ph...@whiuk.com>.
I had to use a minimal custom realm to set the SaltStyle, but it's not
overly complex.
class OurJdbcRealm extends JdbcRealm {
setSaltStyle(JdbcRealm.SaltStyle.COLUMN)
override def supports(token: AuthenticationToken) = {
true
}
}
credentialsMatcher =
org.apache.shiro.authc.credential.HashedCredentialsMatcher
credentialsMatcher.hashAlgorithmName = SHA-256
credentialsMatcher.hashIterations = 1024
# This next property is only needed in Shiro 1.0. Remove it in 1.1 and
later:
credentialsMatcher.hashSalted = true
ourRealm = package.subpackage.OurJdbcRealm
ourRealm.credentialsMatcher = $credentialsMatcher
ourRealm.dataSource = $ds
ourRealm.permissionsQuery = select permission from rolesPermissions
where role_name = ?
ourRealm.userRolesQuery = select role_name from userRoles where username
= ?
ourRealm.authenticationQuery = select password, password_salt from users
where username = ?
CREATE TABLE users (
username VARCHAR NOT NULL,
password TEXT NOT NULL,
password_salt TEXT NOT NULL,
PRIMARY KEY (username)
)
CREATE TABLE userRoles (
username VARCHAR NOT NULL,
role_name VARCHAR NOT NULL
)
CREATE TABLE rolesPermissions (
role_name VARCHAR NOT NULL,
permission VARCHAR NOT NULL
)
That said 1024 rounds of SHA-256 isn't best practice any more - should
transition to PKBDF or BCRYPT for new stuff.
-Philip Whitehouse
On 2018-08-02 08:24, mixtou wrote:
> I would like to ask if someone could post an example of SHiro
> configuration
> implementing Hashed Passwords Authentication without
> extending/implementing
> any custom Realm or SaltedAuthentificationInfo??
> Is this possible? I haven't found any complete example. In my Project i
> have
> a mysql database and i would like to implement authentication using
> Hashed
> Passwords Saved in database.
> My shiro.ini is the following:
>
> [main]
> ds = com.mysql.cj.jdbc.MysqlDataSource
> ds.serverName = 127.0.0.1
> ds.port = 3306
> ds.user = histopathUser
> ds.password = h1s+0p@+h
> ds.databaseName = histopath.gr
>
> jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
> jdbcRealm.dataSource = $ds
>
> jdbcRealm.authenticationQuery = "SELECT password, salt FROM User WHERE
> email
> = ? AND activated = 0"
> jdbcRealm.userRolesQuery = "SELECT roleName FROM UserRole WHERE email =
> ?"
> # jdbcRealm.permissionsQuery = "SELECT permission FROM RolesPermissions
> WHERE roleName = ?"
>
> authc.usernameParam = email
> authc.passwordParam = password
> authc.failureKeyAttribute = shiroLoginFailure
>
>
> hashService = org.apache.shiro.crypto.hash.DefaultHashService
> hashService.hashIterations = 1024
> hashService.hashAlgorithmName = SHA-256
> hashService.generatePublicSalt = false
>
> passwordService =
> org.apache.shiro.authc.credential.DefaultPasswordService
> passwordService.hashService = $hashService
>
> passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
> passwordMatcher.passwordService = $passwordService
>
> jdbcRealm.credentialsMatcher = $passwordMatcher
>
> # credentialsMatcher =
> org.apache.shiro.authc.credential.Sha256CredentialsMatcher
> # credentialsMatcher =
> org.apache.shiro.authc.credential.HashedCredentialsMatcher
> # credentialsMatcher.hashAlgorithmName = SHA-256
> # credentialsMatcher.hashIterations = 1024
> # credentialsMatcher.storedCredentialsHexEncoded = false
> # jdbcRealm.credentialsMatcher = $credentialsMatcher
>
>
> jdbcRealm.permissionsLookupEnabled = false
>
> shiro.loginUrl = /authentication/login
>
> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
> securityManager.cacheManager = $cacheManager
>
> sessionManager =
> org.apache.shiro.web.session.mgt.DefaultWebSessionManager
> securityManager.sessionManager = $sessionManager
> securityManager.sessionManager.sessionIdCookieEnabled = false
>
> # ssl.enabled = false
>
> securityManager.realms = $jdbcRealm
>
> [users]
>
> [roles]
>
> [urls]
>
> /authentication/login = authc
> /authentication/logout = logout
>
> /doctors/* = authc
>
> /users/new = anon
> /users/details/* = anon
> /users/* = authc
>
> /* = anon
>
>
> My Authentication Login Function is:
>
> @POST
> @Path("login")
> @Produces(MediaType.TEXT_PLAIN)
> public boolean login(Authentication authData) {
> System.out.println("Param email: " + authData.getEmail());
> System.out.println("Param password: " +
> authData.getPassword());
> if (!subject.isAuthenticated()) {
> UsernamePasswordToken token = new
> UsernamePasswordToken(authData.getEmail(), authData.getPassword());
> try {
> System.out.println("Trying to authenticate with
> token");
> subject.login(token);
> System.out.println("User [" +
> subject.getPrincipal().toString() + "] logged in successfully.");
> return true;
> } catch (UnknownAccountException uae) {
> log.error("Username Not Found!", uae);
> System.out.println("Username Not Found!");
> uae.printStackTrace();
> } catch (IncorrectCredentialsException ice) {
> log.error("Invalid Credentials!", ice);
> System.out.println("Invalid Credentials!");
> ice.printStackTrace();
> } catch (LockedAccountException lae) {
> log.error("Your Account is Locked!", lae);
> System.out.println("Your Account is Locked!");
> lae.printStackTrace();
> } catch (AuthenticationException ae) {
> log.error("Unexpected Error!", ae);
> System.err.println("Unexpected Error!");
> ae.printStackTrace();
> } catch (Exception ex) {
> System.out.println(ex.getMessage());
> ex.printStackTrace();
> }
> } else {
> return true;
> }
>
> return false;
> }
>
>
> My Registration Function:
>
> @POST
> @Path("new")
> @Consumes(MediaType.APPLICATION_JSON)
> @Produces(MediaType.APPLICATION_JSON)
> public String create(User requestBody) {
>
> System.err.println("NEW User");
>
> // System.out.println("WTF ==== " + requestBody.getBirthday());
> // System.out.println("lalala: " + requestBody.getPermition());
>
> User user = new User();
> user.setFirstName(requestBody.getFirstName());
> user.setLastName(requestBody.getLastName());
> user.setEmail(requestBody.getEmail());
> // user.setPassword(requestBody.getPassword());
>
> // Do Something With Salt Per User Random Generation or
> Something like it
> //================================================================================================================
>
> RandomNumberGenerator rng = new SecureRandomNumberGenerator();
> String salt = rng.nextBytes().toBase64();
> String hashedPasswordBase64 = new
> Sha256Hash(requestBody.getPassword(), salt, 1024).toBase64();
> user.setSalt(salt);
> user.setPassword(hashedPasswordBase64);
>
> user.setActivated(false);
>
> boolean result = userDAO.persist(user);
> userDAO.closeEntityManager();
>
> if (result) {
> return ReturnResults.results(new
> ArrayList<User>(asList(user)));
> }
> return "{}";
> }
>
> However in login function in subject.login(token) i gets error:
>
> Unexpected Error!
> org.apache.shiro.authc.AuthenticationException: There was a SQL error
> while
> authenticating user [lala@gmail.com]
> at
> org.apache.shiro.realm.jdbc.JdbcRealm.doGetAuthenticationInfo(JdbcRealm.java:260)
> at
> org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:571)
> at
> org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
> at
> org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
> at
> org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
> at
> org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
> at
> org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:274)
> at
> org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260)
> at
> gr.histopath.platform.controllers.authentication.AuthenticationController.login(AuthenticationController.java:45)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:497)
> at
> org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76)
> at
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148)
> at
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191)
> at
> org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:243)
> at
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:103)
> at
> org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:493)
> at
> org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:415)
> at
> org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:104)
> at
> org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:277)
> at org.glassfish.jersey.internal.Errors$1.call(Errors.java:272)
> at org.glassfish.jersey.internal.Errors$1.call(Errors.java:268)
> at org.glassfish.jersey.internal.Errors.process(Errors.java:316)
> at org.glassfish.jersey.internal.Errors.process(Errors.java:298)
> at org.glassfish.jersey.internal.Errors.process(Errors.java:268)
> at
> org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:289)
> at
> org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:256)
> at
> org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:703)
> at
> org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:416)
> at
> org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:370)
> at
> org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:389)
> at
> org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:342)
> at
> org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:229)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at
> org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
> at
> org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
> at
> org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
> at
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
> at
> org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
> at
> org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
> at
> org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
> at
> org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
> at
> org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
> at
> org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
> at
> org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
> at
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
> at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
> at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
> at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:764)
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1388)
> at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.sql.SQLException: Parameter index out of range (1 >
> number
> of parameters, which is 0).
> at
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:545)
> at
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:513)
> at
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:505)
> at
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:479)
> at
> com.mysql.cj.jdbc.PreparedStatement.checkBounds(PreparedStatement.java:3246)
> at
> com.mysql.cj.jdbc.PreparedStatement.setInternal(PreparedStatement.java:3230)
> at
> com.mysql.cj.jdbc.PreparedStatement.setString(PreparedStatement.java:4025)
> at
> org.apache.shiro.realm.jdbc.JdbcRealm.getPasswordForUser(JdbcRealm.java:287)
> at
> org.apache.shiro.realm.jdbc.JdbcRealm.doGetAuthenticationInfo(JdbcRealm.java:227)
> ... 70 more
>
> What am i doing wrong??? Please Help
> Is it possible to setup hashed passwords authentication in shiro
> without
> implementing custom classes of Realm and SaltedAuthentificationInfo??
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/