Oh, that makes a bit more sense now. I've used the PasswordService and PasswordManager now, but I'm still unable to authenticate. I turned up debugging some more, and now I get the following output: 17:21:55.123 [SSHThread] TRACE org.apache.shiro.util.ClassUtils - Unable to load clazz named [ff72007e587a7be71ffa92b598fef97ec0de1a1354a5e241f60d1806c9cd0351] from class loader [sun.misc.Launcher$AppClassLoader@13cb1eb] 17:21:55.123 [SSHThread] TRACE org.apache.shiro.util.ClassUtils - Unable to load class named [ff72007e587a7be71ffa92b598fef97ec0de1a1354a5e241f60d1806c9cd0351] from the thread context ClassLoader. Trying the current ClassLoader... 17:21:55.124 [SSHThread] TRACE org.apache.shiro.util.ClassUtils - Unable to load clazz named [ff72007e587a7be71ffa92b598fef97ec0de1a1354a5e241f60d1806c9cd0351] from class loader [sun.misc.Launcher$AppClassLoader@13cb1eb] 17:21:55.124 [SSHThread] TRACE org.apache.shiro.util.ClassUtils - Unable to load class named [ff72007e587a7be71ffa92b598fef97ec0de1a1354a5e241f60d1806c9cd0351] from the current ClassLoader. Trying the system/application ClassLoader... 17:21:55.124 [SSHThread] TRACE org.apache.shiro.util.ClassUtils - Unable to load clazz named [ff72007e587a7be71ffa92b598fef97ec0de1a1354a5e241f60d1806c9cd0351] from class loader [sun.misc.Launcher$AppClassLoader@13cb1eb]
The ff72... value is the hashed password, so shiro is reading from the database properly. However, the log messages indicate that it's trying to load a class with that name?? My database should be setup properly, with a table 'users' and columns 'password', 'password_salt', and 'username'. -Robert Middleton On Wed, Oct 29, 2014 at 2:35 PM, Konrad Zuse <[email protected]> wrote: > Sorry, ignore my last reply, was in the middle of typing it and was goin g > to finish it later since I didn't have time and clicked send... sorry all > again >( > > > You should, however, be using "passwordservice" and passwordmanager > > I don't have much time now, so I will reply again later with some code I > have using it. > > > check out this post though from Lez, who is the creator (at least I > believe he is one of them, if not the only one). > > > http://stackoverflow.com/questions/17048153/apache-shiro-using-hashing-credentials-can-not-make-login-successfully > > ------------------------------ > From: [email protected] > To: [email protected] > Subject: RE: Configuring Shiro Programatically > Date: Wed, 29 Oct 2014 14:33:21 -0400 > > > I don't think we used HashedCredentialsMatcher anymore, > > ------------------------------ > From: [email protected] > Date: Wed, 29 Oct 2014 15:26:12 +0100 > Subject: Re: Configuring Shiro Programatically > To: [email protected] > > You're probably missing a LifecycleUtils.init(realm); > > Log lines come from AuthenticatingRealm most probably because JdbcRealm > inherits those methods from AuthenticatingRealm. Typically loggers are > initialized with the class declaring them. > > On Wed, Oct 29, 2014 at 3:06 PM, Robert Middleton <[email protected] > > wrote: > > > Hi, > > I have set up shiro programatically using the following code: > > SQLiteConfig config = new SQLiteConfig(); > config.enforceForeignKeys( true ); > HashedCredentialsMatcher cm = new HashedCredentialsMatcher( "SHA-256" ); > cm.setHashIterations( 500000 ); > JdbcRealm realm = new JdbcRealm(); > org.sqlite.SQLiteDataSource ds = new org.sqlite.SQLiteDataSource( config ); > ds.setUrl( "jdbc:sqlite:light.db" ); > realm.setDataSource( ds ); > realm.setCredentialsMatcher( cm ); > realm.setSaltStyle( SaltStyle.COLUMN ); > SecurityManager ss = new DefaultSecurityManager( realm ); > SecurityUtils.setSecurityManager( ss ); > > However, when I try to authenticate a user, I can't log in. This worked > find before when I used shiro.ini with no encryption on the passwords. The > following debug information is printed out: > > 18:18:28.835 [SSHThread] DEBUG org.apache.shiro.realm.AuthenticatingRealm > - Looked up AuthenticationInfo [robert] from doGetAuthenticationInfo > 18:18:28.836 [SSHThread] DEBUG org.apache.shiro.realm.AuthenticatingRealm > - AuthenticationInfo caching is disabled for info [robert]. Submitted > token: [org.apache.shiro.authc.UsernamePasswordToken - robert, > rememberMe=false]. > 18:18:29.275 [SSHThread] DEBUG > org.apache.shiro.authc.credential.SimpleCredentialsMatcher - Performing > credentials equality check for tokenCredentials of type > [org.apache.shiro.crypto.hash.SimpleHash and accountCredentials of type > [org.apache.shiro.crypto.hash.SimpleHash] > 18:18:29.276 [SSHThread] DEBUG > org.apache.shiro.authc.credential.SimpleCredentialsMatcher - Both > credentials arguments can be easily converted to byte arrays. Performing > array equals comparison > 18:18:29.277 [SSHThread] ERROR > com.synexxus.gateway.connectors.SSHConnector - > org.apache.shiro.authc.IncorrectCredentialsException: Submitted credentials > for token [org.apache.shiro.authc.UsernamePasswordToken - robert, > rememberMe=false] did not match the expected credentials. > > Since I setup the realm for the SecurityManager to be a JdbcRealm, I would > expect that the log lines that come from > org.apache.shiro.realm.AuthenticatingRealm would in fact come from > org.apache.shiro.realm.jdbc.JdbcRealm. Why isn't this the case? > > > > > -- > *Alessio Stalla* | Software Architect > M: +39 340 7824743 | T: +39 010 566441 | F: +39 010 8900455 > [email protected] | www.manydesigns.com > > MANYDESIGNS s.r.l. > Via G. D'Annunzio, 2/51 | 16121 Genova (GE) | Italy >
