Hi, I'm writing a webapp using Shiro for authentication.
Is there support in Shiro for users changing their password or for a "fogot password" workflow? I can't find one. If the general pattern is to roll your own, I have some specific questions: 1. How can I hash a plaintext password using Shiro's currently configured hashing settings? The hashing is done in my Shiro Realm object by a HashedCredentialsMatcher, but the "hashProvidedCredentials" method is protected. Am I expected to duplicate all the hashing settings and code in my app if I need to set a password rather than just verify it? 2. How should I update the database? The "JdbcRealm" has built in queries for reading the user's hashed passwords, but none for writing them. Am I expected to duplicate the schema and Jdbc code in my app if I need to set a password rather than just verify it? Thanks, Rich Richard Bradley Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575 softwire Sunday Times Best Small Companies - UK top 25 five years running Web : www.softwire.com<http://www.softwire.com/> | Follow us on Twitter : @SoftwireUK<https://twitter.com/SoftwireUK> Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL Softwire Technology Limited. Registered in England no. 3824658. Registered Office : Gallery Court, 28 Arcadia Avenue, Finchley, London. N3 2FG
