shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <lhazlew...@apache.org>
Subject Re: IniRealm and Password Hashing
Date Fri, 06 May 2011 18:41:54 GMT
Hi Jared,

#1 should be supported OOTB - could you please open a Jira issue for it?

#2 is in the process of being solved in trunk as a new 'tools' module
and a 'hasher' submodule under that:

http://svn.apache.org/repos/asf/shiro/trunk/tools/hasher/

It's almost finished I think - it just hasn't been documented yet.  If
you're open to it, could you give it a try and tell us what you think?

Cheers,

-- 
Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com

On Fri, May 6, 2011 at 5:26 AM, Jared Bunting
<jared.bunting@digitalreasoning.com> wrote:
> I recently learned that a customer of ours was interested in using the user/password
configuration in shiro.ini seriously.  So, I needed to hash the passwords in that file.  Due
to shiro's awesome flexibility, implementing this in the app was as simple as adding a new
credentials matcher in shiro.ini.
>
> However, there were two small complications that I ran into:
>
> 1. TextConfigurationRealm (and its subclasses) don't seem to have any way to specify
salts.
>
> 2. I couldn't find a simple way to generate the hashes to put in the ini file so I wrote
a fairly simple main method to hash passwords.
>
> So my question is this:  would there be interest in my adding these two pieces of functionality
to shiro?  I have the code for 2, and some ideas for 1, but I'd like to get some input on
the best way to go about that.
>
> Thanks,
> Jared

Mime
View raw message