How to stock and use a shiro's salt from database

Question

I use shiro in application for the authenticate. I use hashed password with a salt and I store them in my database like this :

    private User createUserWithHas         


        

Answer 1

Have you looked at PasswordMatcher / PasswordService?

This already has all of the encoding/decoding/compare logic built-in. To use it:

Storing password in database:

PasswordService service = new DefaultPasswordService(); // or use injection or shiro.ini to populate this

private User createUserWithHashedPassword(String inName, String inFirstName, String inLastName, String inPassword){

  String hashedPasswordBase64 = service.encryptPassword(inPassword);

  return new User(inName,inFirstName,inLastName,hashedPasswordBase64,strSalt);
}

Then you can simply use PasswordMatcher as the matcher in your realm.

realm.setCredentialsMatcher(new PasswordMatcher());

or in shiro.ini:

matcher = org.apache.shiro.authc.credential.PasswordMatcher
realm.credentialsMatcher = $matcher