You won't use Shiro to populate the data source - you can write the data into your data source (RDBMS, NoSQL system, whatever) however you like.
How you store the credentials in your data source is entirely up to you, but you should never ever store the password as plain text. You can store the credentials hash as a single column and store the salt as a separate column, or store them in one column, or even break it up into multiple data sources for higher security. These two articles explain this a bit more in detail: http://www.katasoft.com/blog/2011/04/04/strong-password-hashing-apache-shiro http://www.katasoft.com/blog/2011/06/07/strong-password-hashing-part-2 Also, the Realm documentation's "Credentials Matching" section provides an example of how this might be done in an application: http://shiro.apache.org/realm.html This demonstrates one example, but there are a few ways to store this information. However you store it, the most important point is to return a SaltedAuthenticationInfo back to Shiro in your Realm implementation's getAuthenticationInfo method (see the 'SaltedAuthenticationInfo' section in the Realm documentation). HTH, -- Les Hazlewood CTO, Katasoft | http://www.katasoft.com | 888.391.5282 twitter: http://twitter.com/lhazlewood katasoft blog: http://www.katasoft.com/blogs/lhazlewood personal blog: http://leshazlewood.com
