Match hashed passwords

[Luís Soares <lm...@mediacapital.pt>]

Hi all,

I would like to ask you how to "manually" use the
HashedCredentialsMatcher configured before.


Why?
Because I want to test if the user entered the correct password (not in
the login, but in the "change password" functionality).



Thank you and regards,
Luís Soares


Esta mensagem e quaisquer ficheiros anexos podem conter informação confidencial ou de uso restrito. Se não for o destinatário da mesma por favor notifique imediatamente o seu remetente e proceda à sua destruição. Não poderá revelar, copiar, distribuir ou de alguma forma usar o seu conteúdo. O Grupo Media Capital e suas associadas utilizam software de anti-virus. No entanto, não obstante terem sido tomadas todas as precauções, não é garantido que a mensagem ou os seus anexos não contenham vírus.

This message, including any attachments, may contain confidential information or privileged material. If you are not the intended recipient please notify the sender immediately by e-mail and delete it from your system. You should not disseminate, distribute or copy this e-mail or disclose its content. We believe, but do not warrant, that this e-mail, including any attachments, is virus free.

Re: Match hashed passwords

[lsoares <ls...@gmail.com>]

Just to confirm... this is not currently possible, right?
Only in Shiro 1.2...

What about how to get the current realm (so I can get the current
credentials matcher)?

--
View this message in context: http://shiro-developer.582600.n2.nabble.com/Match-hashed-passwords-tp7070871p7107988.html
Sent from the Shiro Developer mailing list archive at Nabble.com.

Re: Match hashed passwords

[Luís Soares <lm...@mediacapital.pt>]

Hi Les,


I mean.. if you want to offer a way to change user's password, you need
to ask him the old password and the new password right?

But before the actual change, you need to check if the old password
matches with the stored one.

This is the comparison I want to make.


PS. I know how to get the realm and then the corresponding hashed
credentials matcher.. but that is a long code with some casts. I believe
there must be other way.

Thanks


On Thu, 2011-12-08 at 17:03 +0000, Les Hazlewood wrote:
> Hi Luis,
>
> What do you mean for 'change password' functionality?
>
> Can you please explain exactly what you are trying to do?  Then I
> think we can give a targeted answer.
>
> Thanks,
>



Esta mensagem e quaisquer ficheiros anexos podem conter informação confidencial ou de uso restrito. Se não for o destinatário da mesma por favor notifique imediatamente o seu remetente e proceda à sua destruição. Não poderá revelar, copiar, distribuir ou de alguma forma usar o seu conteúdo. O Grupo Media Capital e suas associadas utilizam software de anti-virus. No entanto, não obstante terem sido tomadas todas as precauções, não é garantido que a mensagem ou os seus anexos não contenham vírus.

This message, including any attachments, may contain confidential information or privileged material. If you are not the intended recipient please notify the sender immediately by e-mail and delete it from your system. You should not disseminate, distribute or copy this e-mail or disclose its content. We believe, but do not warrant, that this e-mail, including any attachments, is virus free.

Re: Match hashed passwords

[Les Hazlewood <lh...@apache.org>]

Hi Luis,

What do you mean for 'change password' functionality?

Can you please explain exactly what you are trying to do?  Then I
think we can give a targeted answer.

Thanks,

-- 
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com

2011/12/7 Luís Soares <lm...@mediacapital.pt>:
> Hi all,
>
> I would like to ask you how to "manually" use the
> HashedCredentialsMatcher configured before.
>
>
> Why?
> Because I want to test if the user entered the correct password (not in
> the login, but in the "change password" functionality).
>
>
>
> Thank you and regards,
> Luís Soares
>
>
> Esta mensagem e quaisquer ficheiros anexos podem conter informação confidencial ou de uso restrito. Se não for o destinatário da mesma por favor notifique imediatamente o seu remetente e proceda à sua destruição. Não poderá revelar, copiar, distribuir ou de alguma forma usar o seu conteúdo. O Grupo Media Capital e suas associadas utilizam software de anti-virus. No entanto, não obstante terem sido tomadas todas as precauções, não é garantido que a mensagem ou os seus anexos não contenham vírus.
>
> This message, including any attachments, may contain confidential information or privileged material. If you are not the intended recipient please notify the sender immediately by e-mail and delete it from your system. You should not disseminate, distribute or copy this e-mail or disclose its content. We believe, but do not warrant, that this e-mail, including any attachments, is virus free.