So I checked in an example of a realm that uses per-password salt that doesn't 
require any code modifications from Shiro; this is what I have done in the past.

Some things to notice.

I've decoupled the hash, the hash algorithm, and the final encoding into simple 
loosely coupled interfaces.  Doing this, we don't have the Swiss Army knife of 
AbstractHash.  IMO, we should have a simple interface with implementations.  
Encoders should also be broken out and not aggregated.

We also don't need the HashedCredentialsMatcher hierarchy either.  

Not a working example.  Just a sketch for a starting point of discussions.


Regards,
Alan
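
An added illustration of the design discussed in the message above, not Alan's checked-in sketch and not Shiro code: a per-password salt stored alongside the hash, with the hashing step and the encoding step behind separate small interfaces. All type and method names (`Hasher`, `Encoder`, `store`, `matches`) and the `salt$hash` record format are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
// Hypothetical names throughout; none of these types exist in Shiro.
public class PerPasswordSaltSketch {
    interface Hasher { byte[] hash(byte[] salt, byte[] password); }
    interface Encoder { String encode(byte[] raw); byte[] decode(String text); }

    // Iterated SHA-256 keeps the sketch JDK-only; a real deployment would use a password KDF such as PBKDF2.
    static Hasher sha256(int iterations) {
        return (salt, password) -> {
            try {
                MessageDigest md = MessageDigest.getInstance("SHA-256");
                md.update(salt);
                byte[] out = md.digest(password);
                for (int i = 1; i < iterations; i++) out = md.digest(out);
                return out;
            } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
        };
    }

    static final Encoder BASE64 = new Encoder() {
        public String encode(byte[] raw) { return Base64.getEncoder().encodeToString(raw); }
        public byte[] decode(String text) { return Base64.getDecoder().decode(text); }
    };

    // Stored record format (constructed for this example): encodedSalt$encodedHash
    static String store(Hasher h, Encoder e, char[] password) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt for every password
        return e.encode(salt) + "$" + e.encode(h.hash(salt, toBytes(password)));
    }

    static boolean matches(Hasher h, Encoder e, String record, char[] submitted) {
        String[] parts = record.split("\\$", 2);
        if (parts.length != 2) return false;
        byte[] expected = e.decode(parts[1]);
        byte[] actual = h.hash(e.decode(parts[0]), toBytes(submitted));
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }
    static byte[] toBytes(char[] c) { return new String(c).getBytes(StandardCharsets.UTF_8); }
    public static void main(String[] args) {
        Hasher h = sha256(1024);
        String a = store(h, BASE64, "s3cret".toCharArray()), b = store(h, BASE64, "s3cret".toCharArray());
        // Same password, different salts: the two records differ, yet each one verifies.
        System.out.println(!a.equals(b) && matches(h, BASE64, a, "s3cret".toCharArray()));
    }
}
```

Because the salt travels inside each stored record, verification needs no side lookup, and swapping the hash algorithm or the encoding means supplying a different `Hasher` or `Encoder` without touching the matching logic.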
