Hi, Les. Thanks for the pointer. I like this approach, and have spent the day confirming that I can theoretically get it to work.
I have been perusing the source code trying to figure out how Shiro reads the shiro.ini file into its configuration, so that I can use something similar for the password configuration (or at the very least, be able to locate the configuration file in the same location as shiro.ini). It is slow going. As for submitting a patch, I would like to, but I have not even been able to get the Shiro 1.2.2 source code to build successfully, so that is doubtful at the moment. If you are curious, "mvn clean compile" fails here, using Apache Maven 3.0.4: [ERROR] Failed to execute goal org.codehaus.mojo:dependency-maven-plugin:1.0:unpack (default) on project samples-spring: Unknown archiver type: No such archiver: '1\samples\spring-client\target\classes'. -> [Help 1] I'll report back next week when I make more progress. -- View this message in context: http://shiro-user.582556.n2.nabble.com/How-to-secure-database-password-in-shiro-ini-tp7578763p7578792.html Sent from the Shiro User mailing list archive at Nabble.com.
