Stormpath has built-in workflows so you don’t have to develop them yourself. This actually was the primary reason we started using Stormapth and are very happy with it’s other features.
> On Dec 7, 2015, at 8:56 AM, Brian Demers <[email protected]> wrote: > > Answers inline: > > On Mon, Dec 7, 2015 at 5:57 AM, Richard Bradley <[email protected] > <mailto:[email protected]>> wrote: > Hi, > > > > I’m writing a webapp using Shiro for authentication. > > > > > > Is there support in Shiro for users changing their password or for a “fogot > password” workflow? I can’t find one. > > > > Typically, passwords are stored in some user store (database, LDAP/AD, SSO, > etc), so when it comes to resetting passwords, that likely falls onto you. > We can point you in the right direction though, what Realm(s) are you using? > > > > > > > If the general pattern is to roll your own, I have some specific questions: > > > > 1. How can I hash a plaintext password using Shiro’s currently configured > hashing settings? > > > Look at PasswordService: > https://shiro.apache.org/static/1.2.2/apidocs/org/apache/shiro/authc/credential/PasswordService.html > > <https://shiro.apache.org/static/1.2.2/apidocs/org/apache/shiro/authc/credential/PasswordService.html> > > Or lower level you can look at: org.apache.shiro.cyrpto.hash > https://github.com/apache/shiro/tree/1.2.x/core/src/main/java/org/apache/shiro/crypto/hash > > <https://github.com/apache/shiro/tree/1.2.x/core/src/main/java/org/apache/shiro/crypto/hash> > > The hashing is done in my Shiro Realm object by a HashedCredentialsMatcher, > but the “hashProvidedCredentials” method is protected. Am I expected to > duplicate all the hashing settings and code in my app if I need to set a > password rather than just verify it? > > > > 2. How should I update the database? The “JdbcRealm” has built in queries for > reading the user’s hashed passwords, but none for writing them. Am I expected > to duplicate the schema and Jdbc code in my app if I need to set a password > rather than just verify it? > > > This probably answers my question above about which Realm are you using. > Depending on how you have implemented the backing DB table, depends on how > you would update it. Updates are much harder to make generic, and is not > really in the scope of Shiro. (For example, maybe the JDBC realm accesses a > view instead of a table) > > > I'd like to hear other thoughts on this. > > > > > > > > > Thanks, > > > > > > Rich > > > > > Richard Bradley > Tel : 020 7485 7500 ext 3230 | Fax : 020 7485 7575 > > softwire > Sunday Times Best Small Companies - UK top 25 five years running > Web : www.softwire.com <http://www.softwire.com/> | Follow us on Twitter : > @SoftwireUK <https://twitter.com/SoftwireUK> > Addr : 110 Highgate Studios, 53-79 Highgate Road, London NW5 1TL > Softwire Technology Limited. Registered in England no. 3824658. Registered > Office : Gallery Court, 28 Arcadia Avenue, Finchley, London. N3 2FG >
