how to get/set the salt for a JdbcRealm

故事扮演 submitted on 2019-12-06 01:53:07
Max

With Shiro 1.2.3 all you need to do is:

  1. Extend JdbcRealm and set salt style.

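    import org.apache.shiro.realm.jdbc.JdbcRealm;

    public class JdbcSaltRealm extends JdbcRealm {
        public JdbcSaltRealm() {
            // Read the salt from the second column returned by authenticationQuery.
            setSaltStyle(SaltStyle.COLUMN);
        }
    }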
    
  2. Update shiro.ini to use extended realm and to get salt column from DB

    credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
    credentialsMatcher.hashAlgorithmName = SHA-256
    jdbcRealm = com.mypackage.JdbcSaltRealm
    jdbcRealm.authenticationQuery = SELECT password, salt FROM user WHERE username = ?
    jdbcRealm.credentialsMatcher = $credentialsMatcher
    
  3. Hash & salt current / new user passwords. This should be done for all existing users as well as on new user registrations.

    private void saltHashPassword(String password) {
    
        String salt = new BigInteger(250, new SecureRandom()).toString(32);
    
        //TODO: save salt value to "salt" column in user table
    
        Sha256Hash hash = new Sha256Hash(password, 
                              (new SimpleByteSource(salt)).getBytes());
        String saltedHashedPassword = hash.toHex();
    
        //TODO: save saltedHashedPassword value to "password" column in user table
    }
    

I hope my answer is clear and understandable.
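The round trip behind steps 1 to 3, as an added example that is not part of the original answer: it hashes a password the way step 3 does, then checks a login attempt with the same `HashedCredentialsMatcher` settings as the shiro.ini above, without a database. The class name `SaltRoundTrip`, the user `alice` and the sample password are constructed for illustration; the third call models a realm left at the default `NO_SALT` style, where the salt column is never read and the correct password no longer matches.

```java
import java.math.BigInteger;
import java.security.SecureRandom;

import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.util.ByteSource;

public class SaltRoundTrip {

    // Registration side: same salt format and single-iteration SHA-256 as step 3.
    static String[] register(String password) {
        String salt = new BigInteger(250, new SecureRandom()).toString(32);
        String hex = new Sha256Hash(password, ByteSource.Util.bytes(salt)).toHex();
        return new String[] { hex, salt }; // values for the "password" and "salt" columns
    }

    // Login side: builds the account info a realm would hand to the matcher.
    // storedSalt == null models a realm that never loaded the salt column.
    static boolean login(String attempt, String storedHex, String storedSalt) {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher("SHA-256");
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(
                "alice", storedHex.toCharArray(), "jdbcRealm");
        if (storedSalt != null) {
            info.setCredentialsSalt(ByteSource.Util.bytes(storedSalt));
        }
        return matcher.doCredentialsMatch(
                new UsernamePasswordToken("alice", attempt), info);
    }

    public static void main(String[] args) {
        String[] row = register("correct horse"); // constructed sample password

        // Correct password, salt loaded from the row.
        System.out.println(login("correct horse", row[0], row[1]));
        // Wrong password, salt loaded from the row.
        System.out.println(login("wrong", row[0], row[1]));
        // Correct password, but the salt was never passed to the matcher.
        System.out.println(login("correct horse", row[0], null));
    }
}
```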

Maybe a bit late:

Have a look at this tutorial.
Meri, the guy who owns the blog, describes exactly how to create your own salted JDBC Realm.

This is also an acknowledged improvement in the community for version 1.3.0.

Hope this helps, have fun!
