So this is in my pom.xml 

I have 0.2.0 version of tynamo security excluding apache shiro
1.0.0.incubating and instead using 1.1.0 of apache shiro. 

my save user looks like this.. 

// begin save user 
                RandomNumberGenerator rng = new SecureRandomNumberGenerator();
                String byteSource = rng.nextBytes().toBase64();
                String hashedPasswordBase64 = new Sha512Hash(password,
                                byteSource.getBytes(), 1024).toBase64();
                RegisterUser user  = new RegisterUser(username, email, hashedPasswordBase64,
                                byteSource);
                return this.userDao.createUser(user);
// end save user. 


Inside my JdbcSaltedRealm, which extends JdbcRealm, is this code.
// begin code
protected static final String DEFAULT_AUTHENTICATION_QUERY =
        "select password, passwordSalt from users where username = ?";

    @Override
    protected SaltedAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {

        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String username = upToken.getUsername();

        // Null username is invalid
        if (username == null) {
            throw new AccountException("Null usernames are not allowed by this realm.");
        }

        Connection conn = null;
        SaltedAuthenticationInfo info = null;
        try {
            conn = dataSource.getConnection();

            PasswordWithSalt pws = getPasswordForUser(conn, username);

            if (pws == null) {
                throw new UnknownAccountException("No account found for user [" + username + "]");
            }

            info = buildAuthenticationInfo(username, pws.getPassword(), pws.getSalt());

        } catch (SQLException e) {
            final String message = "There was a SQL error while authenticating user [" + username + "]";
            if (log.isErrorEnabled()) {
                log.error(message, e);
            }

            // Rethrow any SQL errors as an authentication exception
            throw new AuthenticationException(message, e);
        } finally {
            JdbcUtils.closeConnection(conn);
        }

        return info;
    }

    protected SaltedAuthenticationInfo buildAuthenticationInfo(String username, String password,
            ByteSource passwordSalt) {
        return new SimpleAuthenticationInfo(username, password, passwordSalt, getName());
    }


    private PasswordWithSalt getPasswordForUser(Connection conn, String username)
            throws SQLException {

        PreparedStatement ps = null;
        ResultSet rs = null;
        String password = null;
        ByteSource salt = null;
        try {
            ps = conn.prepareStatement(authenticationQuery);
            ps.setString(1, username);

            // Execute query
            rs = ps.executeQuery();

            // Loop over results - although we are only expecting one result,
            // since usernames should be unique
            boolean foundResult = false;
            while (rs.next()) {

                // Check to ensure only one row is processed
                if (foundResult) {
                    throw new AuthenticationException("More than one user row found for user ["
                            + username + "]. Usernames must be unique.");
                }

                password = rs.getString(1);
                String saltString = rs.getString(2);
                salt = new SimpleByteSource(Base64.decode(saltString));

                foundResult = true;
            }
        } finally {
            JdbcUtils.closeResultSet(rs);
            JdbcUtils.closeStatement(ps);
        }

        return new PasswordWithSalt(password, salt);
    }


// my appmodule is like this. 
        public void contributeWebSecurityManager(Configuration<Realm> configuration) {
                realm = new JdbcSaltedRealm();
                realm.setDataSource(dataSource);
                realm.setAuthenticationQuery(AUTHENTICATION_QUERY);
                realm.setUserRolesQuery(USER_ROLES_QUERY);
                realm.setPermissionsQuery(PERMISSION_QUERY);
                realm.setPermissionsLookupEnabled(true);
                configuration.add(realm);
        }

        public void contributeApplicationDefaults(MappedConfiguration<String, String> configuration) {
                // 1 MB max file size, 5 MB request upload size.
                configuration.add(SecuritySymbols.SHOULD_LOAD_INI_FROM_CONFIG_PATH, "true");
        }


// now my shiro.ini is like this. 
[main]
credentialsMatcher=org.apache.shiro.authc.credential.Sha512CredentialsMatcher
# base64 encoding, not hex in this example:
credentialsMatcher.storedCredentialsHexEncoded=false
credentialsMatcher.hashIterations=1024


Now whenever I log on I keep getting wrong username and password. Is there a
guide or sample on how to get hashing to work with Tapestry Tynamo security?
I could get it working without hashing, but I'd rather add hashing to store
salted password.


thanks. 
-- 
View this message in context: 
http://tapestry.1045711.n5.nabble.com/tapestry-security-with-1-1-0-of-shiro-unable-to-get-sha512-login-working-tp3263653p3263653.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
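
Added example, not part of the original post and not code from Tynamo or Shiro: the save-user code above salts the hash with the bytes of the Base64 text, while the realm hands `Base64.decode(saltString)` to the matcher. The program below, assuming shiro-core 1.1.0 on the classpath, hashes one password both ways and checks each result against the realm-side decoding; the class name, `alice`, `demoRealm` and the password are constructed for illustration.

```java
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Sha512Hash;
import org.apache.shiro.util.ByteSource;
import org.apache.shiro.util.SimpleByteSource;

public class SaltRoundTripCheck {                 // hypothetical class name
    static final int ITERATIONS = 1024;           // same value as hashIterations in shiro.ini

    // Verify side: decode the stored salt column the way the realm above does.
    static boolean matches(String password, String storedHashBase64, String storedSaltBase64) {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha512Hash.ALGORITHM_NAME);
        matcher.setStoredCredentialsHexEncoded(false);   // stored hash is Base64, not hex
        matcher.setHashIterations(ITERATIONS);
        ByteSource salt = new SimpleByteSource(Base64.decode(storedSaltBase64));
        SimpleAuthenticationInfo info =
                new SimpleAuthenticationInfo("alice", storedHashBase64, salt, "demoRealm");
        return matcher.doCredentialsMatch(new UsernamePasswordToken("alice", password), info);
    }

    public static void main(String[] args) {
        String password = "correct horse";               // constructed sample value
        ByteSource rawSalt = new SecureRandomNumberGenerator().nextBytes();
        String saltColumn = rawSalt.toBase64();          // value stored in passwordSalt

        // Salt = ASCII bytes of the Base64 text, as in the save-user code above.
        String hashOverText = new Sha512Hash(password, saltColumn.getBytes(), ITERATIONS).toBase64();
        // Salt = the raw random bytes, which is what Base64.decode(saltColumn) returns.
        String hashOverRaw = new Sha512Hash(password, rawSalt.getBytes(), ITERATIONS).toBase64();

        System.out.println("salt as Base64 text bytes -> " + matches(password, hashOverText, saltColumn));
        System.out.println("salt as raw bytes         -> " + matches(password, hashOverRaw, saltColumn));
    }
}
```

A matcher configured this way takes part in login only on the realm instance it is set on with `setCredentialsMatcher`.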
