So this is in my pom.xml I have 0.2.0 version of tynamo security excluding apache shiro 1.0.0.incubating and instead using 1.1.0 of apache shiro.
my save user looks like this.. // begin save user RandomNumberGenerator rng = new SecureRandomNumberGenerator(); String byteSource = rng.nextBytes().toBase64(); String hashedPasswordBase64 = new Sha512Hash(password, byteSource.getBytes(), 1024).toBase64(); RegisterUser user = new RegisterUser(username, email, hashedPasswordBase64, byteSource); return this.userDao.createUser(user); // end save user. inside my jdbcSaltedRealm which extends JdbcRealm. it has these code. // begin code protected static final String DEFAULT_AUTHENTICATION_QUERY = "select password, passwordSalt from users where username = ?"; @Override protected SaltedAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { UsernamePasswordToken upToken = (UsernamePasswordToken) token; String username = upToken.getUsername(); // Null username is invalid if (username == null) { throw new AccountException("Null usernames are not allowed by this realm."); } Connection conn = null; SaltedAuthenticationInfo info = null; try { conn = dataSource.getConnection(); PasswordWithSalt pws = getPasswordForUser(conn, username); if (pws == null) { throw new UnknownAccountException("No account found for user [" + username + "]"); } info = buildAuthenticationInfo(username, pws.getPassword(), pws.getSalt()); } catch (SQLException e) { final String message = "There was a SQL error while authenticating user [" + username + "]"; if (log.isErrorEnabled()) { log.error(message, e); } // Rethrow any SQL errors as an authentication exception throw new AuthenticationException(message, e); } finally { JdbcUtils.closeConnection(conn); } return info; } protected SaltedAuthenticationInfo buildAuthenticationInfo(String username, String password, ByteSource passwordSalt) { return new SimpleAuthenticationInfo(username, password, passwordSalt, getName()); } private PasswordWithSalt getPasswordForUser(Connection conn, String username) throws SQLException { PreparedStatement ps = null; ResultSet rs = null; String password = null; ByteSource salt = null; try { ps = conn.prepareStatement(authenticationQuery); ps.setString(1, username); // Execute query rs = ps.executeQuery(); // Loop over results - although we are only expecting one result, since usernames should be unique boolean foundResult = false; while (rs.next()) { // Check to ensure only one row is processed if (foundResult) { throw new AuthenticationException("More than one user row found for user [" + username + "]. Usernames must be unique."); } password = rs.getString(1); String saltString = rs.getString(2); salt = new SimpleByteSource(Base64.decode(saltString)); foundResult = true; } } finally { JdbcUtils.closeResultSet(rs); JdbcUtils.closeStatement(ps); } return new PasswordWithSalt(password, salt); } // my appmodule is like this. public void contributeWebSecurityManager(Configuration<Realm> configuration) { realm = new JdbcSaltedRealm(); realm.setDataSource(dataSource); realm.setAuthenticationQuery(AUTHENTICATION_QUERY); realm.setUserRolesQuery(USER_ROLES_QUERY); realm.setPermissionsQuery(PERMISSION_QUERY); realm.setPermissionsLookupEnabled(true); configuration.add(realm); } public void contributeApplicationDefaults(MappedConfiguration<String, String> configuration) { // 1 MB max file size, 5 MB request upload size. configuration.add(SecuritySymbols.SHOULD_LOAD_INI_FROM_CONFIG_PATH, "true"); } // now my shiro.ini is like this. [main] credentialsMatcher=org.apache.shiro.authc.credential.Sha512CredentialsMatcher # base64 encoding, not hex in this example: credentialsMatcher.storedCredentialsHexEncoded=false credentialsMatcher.hashIterations=1024 now whenever i logon i keep getting wrong username and password, is their a guide or sample on how to get hashing to work with tapestry tynamo security. i could get it working without hashing, but i rather add hashing to store salted password. thanks. -- View this message in context: http://tapestry.1045711.n5.nabble.com/tapestry-security-with-1-1-0-of-shiro-unable-to-get-sha512-login-working-tp3263653p3263653.html Sent from the Tapestry - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org