Google Git
Sign in
apache / shiro-site / 01016f43374d9b054f3ea1e568b015d5d69428f9 / . / src / site / assets / static / 1.5.2 / shiro-core / apidocs / org / apache / shiro / authc / credential / HashedCredentialsMatcher.html
blob: 5027e547fe63eaf4613810e9be05bc76676d0ba5 [file] [log] [blame]
<!DOCTYPE HTML>
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (11.0.6) on Mon Mar 23 13:34:45 EDT 2020 -->
<title>HashedCredentialsMatcher (Apache Shiro :: Core 1.5.2 API)</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="dc.created" content="2020-03-23">
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="Style">
<link rel="stylesheet" type="text/css" href="../../../../../jquery/jquery-ui.css" title="Style">
<script type="text/javascript" src="../../../../../script.js"></script>
<script type="text/javascript" src="../../../../../jquery/jszip/dist/jszip.min.js"></script>
<script type="text/javascript" src="../../../../../jquery/jszip-utils/dist/jszip-utils.min.js"></script>
<!--[if IE]>
<script type="text/javascript" src="../../../../../jquery/jszip-utils/dist/jszip-utils-ie.min.js"></script>
<![endif]-->
<script type="text/javascript" src="../../../../../jquery/jquery-3.3.1.js"></script>
<script type="text/javascript" src="../../../../../jquery/jquery-migrate-3.0.1.js"></script>
<script type="text/javascript" src="../../../../../jquery/jquery-ui.js"></script>
</head>
<body>
<script type="text/javascript"><!--
try {
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="HashedCredentialsMatcher (Apache Shiro :: Core 1.5.2 API)";
}
}
catch(err) {
}
//-->
var data = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":42,"i5":10,"i6":10,"i7":42,"i8":10,"i9":10,"i10":10,"i11":10,"i12":42,"i13":10};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"],32:["t6","Deprecated Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
var pathtoroot = "../../../../../";
var useModuleDirectories = true;
loadScripts(document, 'script');</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<header role="banner">
<nav role="navigation">
<div class="fixedNav">
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a id="navbar.top">
<!-- -->
</a>
<div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.top.firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="class-use/HashedCredentialsMatcher.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<ul class="navListSearch">
<li><label for="search">SEARCH:</label>
<input type="text" id="search" value="search" disabled="disabled">
<input type="reset" id="reset" value="reset" disabled="disabled">
</li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li><a href="#field.summary">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
</div>
<div class="navPadding">&nbsp;</div>
<script type="text/javascript"><!--
$('.navPadding').css('padding-top', $('.fixedNav').css("height"));
//-->
</script>
</nav>
</header>
<!-- ======== START OF CLASS DATA ======== -->
<main role="main">
<div class="header">
<div class="subTitle"><span class="packageLabelInType">Package</span>&nbsp;<a href="package-summary.html">org.apache.shiro.authc.credential</a></div>
<h2 title="Class HashedCredentialsMatcher" class="title">Class HashedCredentialsMatcher</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">java.lang.Object</a></li>
<li>
<ul class="inheritance">
<li>org.apache.shiro.codec.CodecSupport</li>
<li>
<ul class="inheritance">
<li><a href="SimpleCredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">org.apache.shiro.authc.credential.SimpleCredentialsMatcher</a></li>
<li>
<ul class="inheritance">
<li>org.apache.shiro.authc.credential.HashedCredentialsMatcher</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Implemented Interfaces:</dt>
<dd><code><a href="CredentialsMatcher.html" title="interface in org.apache.shiro.authc.credential">CredentialsMatcher</a></code></dd>
</dl>
<dl>
<dt>Direct Known Subclasses:</dt>
<dd><code><a href="Md2CredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">Md2CredentialsMatcher</a></code>, <code><a href="Md5CredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">Md5CredentialsMatcher</a></code>, <code><a href="Sha1CredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">Sha1CredentialsMatcher</a></code>, <code><a href="Sha256CredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">Sha256CredentialsMatcher</a></code>, <code><a href="Sha384CredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">Sha384CredentialsMatcher</a></code>, <code><a href="Sha512CredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">Sha512CredentialsMatcher</a></code></dd>
</dl>
<hr>
<pre>public class <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.120">HashedCredentialsMatcher</a>
extends <a href="SimpleCredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">SimpleCredentialsMatcher</a></pre>
<div class="block">A <code>HashedCredentialMatcher</code> provides support for hashing of supplied <code>AuthenticationToken</code> credentials
before being compared to those in the <code>AuthenticationInfo</code> from the data store.
<p/>
Credential hashing is one of the most common security techniques when safeguarding a user's private credentials
(passwords, keys, etc). Most developers never want to store their users' credentials in plain form, viewable by
anyone, so they often hash the users' credentials before they are saved in the data store.
<p/>
This class (and its subclasses) function as follows:
<ol>
<li>Hash the <code>AuthenticationToken</code> credentials supplied by the user during their login.</li>
<li>Compare this hashed value directly with the <code>AuthenticationInfo</code> credentials stored in the system
(the stored account credentials are expected to already be in hashed form).</li>
<li>If these two values are <a href="SimpleCredentialsMatcher.html#equals(java.lang.Object,java.lang.Object)"><code>equal</code></a>, the submitted credentials match, otherwise
they do not.</li>
</ol>
<h2>Salting and Multiple Hash Iterations</h2>
Because simple hashing is usually not good enough for secure applications, this class also supports 'salting'
and multiple hash iterations. Please read this excellent
<a href="http://www.owasp.org/index.php/Hashing_Java" _target="blank">Hashing Java article</a> to learn about
salting and multiple iterations and why you might want to use them. (Note of sections 5
&quot;Why add salt?&quot; and 6 "Hardening against the attacker's attack"). We should also note here that all of
Shiro's Hash implementations (for example, <code>Md5Hash</code>,
<code>Sha1Hash</code>, etc) support salting and multiple hash iterations via
overloaded constructors.
<h4>Real World Case Study</h4>
In April 2010, some public Atlassian Jira and Confluence
installations (Apache Software Foundation, Codehaus, etc) were the target of account attacks and user accounts
were compromised. The reason? Jira and Confluence at the time did not salt user passwords and attackers were
able to use dictionary attacks to compromise user accounts (Atlassian has since
<a href="http://blogs.atlassian.com/news/2010/04/oh_man_what_a_day_an_update_on_our_security_breach.html">
fixed the problem</a> of course).
<p/>
The lesson?
<p/>
<b>ALWAYS, ALWAYS, ALWAYS SALT USER PASSWORDS!</b>
<p/>
<h3>Salting</h3>
Prior to Shiro 1.1, salts could be obtained based on the end-user submitted
<a href="../AuthenticationToken.html" title="interface in org.apache.shiro.authc"><code>AuthenticationToken</code></a> via the now-deprecated
<a href="#getSalt(org.apache.shiro.authc.AuthenticationToken)"><code>getSalt(AuthenticationToken)</code></a> method. This however
could constitute a security hole since ideally salts should never be obtained based on what a user can submit.
User-submitted salt mechanisms are <em>much</em> more susceptible to dictionary attacks and <b>SHOULD NOT</b> be
used in secure systems. Instead salts should ideally be a secure randomly-generated number that is generated when
the user account is created. The secure number should never be disseminated to the user and always kept private
by the application.
<h4>Shiro 1.1</h4>
As of Shiro 1.1, it is expected that any salt used to hash the submitted credentials will be obtained from the
stored account information (represented as an <a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>AuthenticationInfo</code></a> instance). This is much
more secure because the salt value remains private to the application (Shiro will never store this value).
<p/>
To enable this, <code>Realm</code>s should return <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> instances
during authentication. <code>HashedCredentialsMatcher</code> implementations will then use the provided
<a href="../SaltedAuthenticationInfo.html#getCredentialsSalt()"><code>credentialsSalt</code></a> for hashing. To avoid
security risks,
<b>it is highly recommended that any existing <code>Realm</code> implementations that support hashed credentials are
updated to return <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> instances as soon as possible</b>.
<h4>Shiro 1.0 Backwards Compatibility</h4>
Because of the identified security risk, <code>Realm</code> implementations that support credentials hashing should
be updated to return <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> instances as
soon as possible.
<p/>
If this is not possible for some reason, this class will retain 1.0 backwards-compatible behavior of obtaining
the salt via the now-deprecated <a href="#getSalt(org.apache.shiro.authc.AuthenticationToken)"><code>getSalt(AuthenticationToken)</code></a> method. This
method will only be invoked if a <code>Realm</code> <em>does not</em> return
<a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAutenticationInfo</code></a> instances and <a href="#isHashSalted()"><code>hashSalted</code></a> is
<code>true</code>.
But please note that the <a href="#isHashSalted()"><code>hashSalted</code></a> property and the
<a href="#getSalt(org.apache.shiro.authc.AuthenticationToken)"><code>getSalt(AuthenticationToken)</code></a> methods will be removed before the Shiro 2.0
release.
<h3>Multiple Hash Iterations</h3>
If you hash your users' credentials multiple times before persisting to the data store, you will also need to
set this class's <a href="#setHashIterations(int)"><code>hashIterations</code></a> property. See the
<a href="http://www.owasp.org/index.php/Hashing_Java" _target="blank">Hashing Java article</a>'s
<a href="http://www.owasp.org/index.php/Hashing_Java#Hardening_against_the_attacker.27s_attack">
&quot;Hardening against the attacker's attack&quot;</a> section to learn more about why you might want to use
multiple hash iterations.
<h2>MD5 &amp; SHA-1 Notice</h2>
<a href="http://en.wikipedia.org/wiki/MD5">MD5</a> and
<a href="http://en.wikipedia.org/wiki/SHA_hash_functions">SHA-1</a> algorithms are now known to be vulnerable to
compromise and/or collisions (read the linked pages for more). While most applications are ok with either of these
two, if your application mandates high security, use the SHA-256 (or higher) hashing algorithms and their
supporting <code>CredentialsMatcher</code> implementations.</div>
<dl>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>0.9</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><code>Md5Hash</code>,
<code>Sha1Hash</code>,
<code>Sha256Hash</code></dd>
</dl>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- =========== FIELD SUMMARY =========== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="field.summary">
<!-- -->
</a>
<h3>Field Summary</h3>
<ul class="blockList">
<li class="blockList"><a id="fields.inherited.from.class.org.apache.shiro.codec.CodecSupport">
<!-- -->
</a>
<h3>Fields inherited from class&nbsp;org.apache.shiro.codec.CodecSupport</h3>
<code>PREFERRED_ENCODING</code></li>
</ul>
</li>
</ul>
</section>
<!-- ======== CONSTRUCTOR SUMMARY ======== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.summary">
<!-- -->
</a>
<h3>Constructor Summary</h3>
<table class="memberSummary">
<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Constructor</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr class="altColor">
<th class="colConstructorName" scope="row"><code><span class="memberNameLink"><a href="#%3Cinit%3E()">HashedCredentialsMatcher</a></span>()</code></th>
<td class="colLast">
<div class="block">JavaBeans-compatible no-arg constructor intended for use in IoC/Dependency Injection environments.</div>
</td>
</tr>
<tr class="rowColor">
<th class="colConstructorName" scope="row"><code><span class="memberNameLink"><a href="#%3Cinit%3E(java.lang.String)">HashedCredentialsMatcher</a></span>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;hashAlgorithmName)</code></th>
<td class="colLast">
<div class="block">Creates an instance using the specified <a href="#getHashAlgorithmName()"><code>hashAlgorithmName</code></a> to hash submitted
credentials.</div>
</td>
</tr>
</table>
</li>
</ul>
</section>
<!-- ========== METHOD SUMMARY =========== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.summary">
<!-- -->
</a>
<h3>Method Summary</h3>
<table class="memberSummary">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t6" class="tableTab"><span><a href="javascript:show(32);">Deprecated Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Method</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code>boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#doCredentialsMatch(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.authc.AuthenticationInfo)">doCredentialsMatch</a></span>&#8203;(<a href="../AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a>&nbsp;token,
<a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a>&nbsp;info)</code></th>
<td class="colLast">
<div class="block">This implementation first hashes the <code>token</code>'s credentials, potentially using a
<code>salt</code> if the <code>info</code> argument is a
<a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a>.</div>
</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getCredentials(org.apache.shiro.authc.AuthenticationInfo)">getCredentials</a></span>&#8203;(<a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a>&nbsp;info)</code></th>
<td class="colLast">
<div class="block">Returns a <code>Hash</code> instance representing the already-hashed AuthenticationInfo credentials stored in the system.</div>
</td>
</tr>
<tr id="i2" class="altColor">
<td class="colFirst"><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getHashAlgorithmName()">getHashAlgorithmName</a></span>()</code></th>
<td class="colLast">
<div class="block">Returns the <code>Hash</code> <code>algorithmName</code> to use
when performing hashes for credentials matching.</div>
</td>
</tr>
<tr id="i3" class="rowColor">
<td class="colFirst"><code>int</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getHashIterations()">getHashIterations</a></span>()</code></th>
<td class="colLast">
<div class="block">Returns the number of times a submitted <code>AuthenticationToken</code>'s credentials will be hashed before
comparing to the credentials stored in the system.</div>
</td>
</tr>
<tr id="i4" class="altColor">
<td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getSalt(org.apache.shiro.authc.AuthenticationToken)">getSalt</a></span>&#8203;(<a href="../AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a>&nbsp;token)</code></th>
<td class="colLast">
<div class="block"><span class="deprecatedLabel">Deprecated.</span>
<div class="deprecationComment">since Shiro 1.1.</div>
</div>
</td>
</tr>
<tr id="i5" class="rowColor">
<td class="colFirst"><code>protected org.apache.shiro.crypto.hash.Hash</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#hashProvidedCredentials(java.lang.Object,java.lang.Object,int)">hashProvidedCredentials</a></span>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;credentials,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;salt,
int&nbsp;hashIterations)</code></th>
<td class="colLast">
<div class="block">Hashes the provided credentials a total of <code>hashIterations</code> times, using the given salt.</div>
</td>
</tr>
<tr id="i6" class="altColor">
<td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#hashProvidedCredentials(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.authc.AuthenticationInfo)">hashProvidedCredentials</a></span>&#8203;(<a href="../AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a>&nbsp;token,
<a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a>&nbsp;info)</code></th>
<td class="colLast">
<div class="block">Hash the provided <code>token</code>'s credentials using the salt stored with the account if the
<code>info</code> instance is an <code>instanceof</code> <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> (see
the class-level JavaDoc for why this is the preferred approach).</div>
</td>
</tr>
<tr id="i7" class="rowColor">
<td class="colFirst"><code>boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#isHashSalted()">isHashSalted</a></span>()</code></th>
<td class="colLast">
<div class="block"><span class="deprecatedLabel">Deprecated.</span>
<div class="deprecationComment">since Shiro 1.1.</div>
</div>
</td>
</tr>
<tr id="i8" class="altColor">
<td class="colFirst"><code>boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#isStoredCredentialsHexEncoded()">isStoredCredentialsHexEncoded</a></span>()</code></th>
<td class="colLast">
<div class="block">Returns <code>true</code> if the system's stored credential hash is Hex encoded, <code>false</code> if it
is Base64 encoded.</div>
</td>
</tr>
<tr id="i9" class="rowColor">
<td class="colFirst"><code>protected org.apache.shiro.crypto.hash.AbstractHash</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#newHashInstance()">newHashInstance</a></span>()</code></th>
<td class="colLast">
<div class="block">Returns a new, <em>uninitialized</em> instance, without its byte array set.</div>
</td>
</tr>
<tr id="i10" class="altColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#setHashAlgorithmName(java.lang.String)">setHashAlgorithmName</a></span>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;hashAlgorithmName)</code></th>
<td class="colLast">
<div class="block">Sets the <code>Hash</code> <code>algorithmName</code> to use
when performing hashes for credentials matching.</div>
</td>
</tr>
<tr id="i11" class="rowColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#setHashIterations(int)">setHashIterations</a></span>&#8203;(int&nbsp;hashIterations)</code></th>
<td class="colLast">
<div class="block">Sets the number of times a submitted <code>AuthenticationToken</code>'s credentials will be hashed before comparing
to the credentials stored in the system.</div>
</td>
</tr>
<tr id="i12" class="altColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#setHashSalted(boolean)">setHashSalted</a></span>&#8203;(boolean&nbsp;hashSalted)</code></th>
<td class="colLast">
<div class="block"><span class="deprecatedLabel">Deprecated.</span>
<div class="deprecationComment">since Shiro 1.1.</div>
</div>
</td>
</tr>
<tr id="i13" class="rowColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#setStoredCredentialsHexEncoded(boolean)">setStoredCredentialsHexEncoded</a></span>&#8203;(boolean&nbsp;storedCredentialsHexEncoded)</code></th>
<td class="colLast">
<div class="block">Sets the indicator if this system's stored credential hash is Hex encoded or not.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.authc.credential.SimpleCredentialsMatcher">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.authc.credential.<a href="SimpleCredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">SimpleCredentialsMatcher</a></h3>
<code><a href="SimpleCredentialsMatcher.html#equals(java.lang.Object,java.lang.Object)">equals</a>, <a href="SimpleCredentialsMatcher.html#getCredentials(org.apache.shiro.authc.AuthenticationToken)">getCredentials</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.codec.CodecSupport">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.codec.CodecSupport</h3>
<code>isByteSource, objectToBytes, objectToString, toBytes, toBytes, toBytes, toBytes, toBytes, toBytes, toBytes, toChars, toChars, toString, toString, toString</code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.java.lang.Object">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a></h3>
<code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone()" title="class or interface in java.lang" class="externalLink">clone</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#equals(java.lang.Object)" title="class or interface in java.lang" class="externalLink">equals</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize()" title="class or interface in java.lang" class="externalLink">finalize</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#getClass()" title="class or interface in java.lang" class="externalLink">getClass</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#hashCode()" title="class or interface in java.lang" class="externalLink">hashCode</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notify()" title="class or interface in java.lang" class="externalLink">notify</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notifyAll()" title="class or interface in java.lang" class="externalLink">notifyAll</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#toString()" title="class or interface in java.lang" class="externalLink">toString</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait()" title="class or interface in java.lang" class="externalLink">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait(long)" title="class or interface in java.lang" class="externalLink">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait(long,int)" title="class or interface in java.lang" class="externalLink">wait</a></code></li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ========= CONSTRUCTOR DETAIL ======== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.detail">
<!-- -->
</a>
<h3>Constructor Detail</h3>
<a id="&lt;init&gt;()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>HashedCredentialsMatcher</h4>
<pre>public&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.135">HashedCredentialsMatcher</a>()</pre>
<div class="block">JavaBeans-compatible no-arg constructor intended for use in IoC/Dependency Injection environments. If you
use this constructor, you <em>MUST</em> also additionally set the
<a href="#setHashAlgorithmName(java.lang.String)"><code>hashAlgorithmName</code></a> property.</div>
</li>
</ul>
<a id="&lt;init&gt;(java.lang.String)">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>HashedCredentialsMatcher</h4>
<pre>public&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.149">HashedCredentialsMatcher</a>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;hashAlgorithmName)</pre>
<div class="block">Creates an instance using the specified <a href="#getHashAlgorithmName()"><code>hashAlgorithmName</code></a> to hash submitted
credentials.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>hashAlgorithmName</code> - the <code>Hash</code> <code>algorithmName</code>
to use when performing hashes for credentials matching.</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>1.1</dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>
<!-- ============ METHOD DETAIL ========== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.detail">
<!-- -->
</a>
<h3>Method Detail</h3>
<a id="getHashAlgorithmName()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getHashAlgorithmName</h4>
<pre class="methodSignature">public&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.165">getHashAlgorithmName</a>()</pre>
<div class="block">Returns the <code>Hash</code> <code>algorithmName</code> to use
when performing hashes for credentials matching.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <code>Hash</code> <code>algorithmName</code> to use
when performing hashes for credentials matching.</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>1.1</dd>
</dl>
</li>
</ul>
<a id="setHashAlgorithmName(java.lang.String)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setHashAlgorithmName</h4>
<pre class="methodSignature">public&nbsp;void&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.177">setHashAlgorithmName</a>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;hashAlgorithmName)</pre>
<div class="block">Sets the <code>Hash</code> <code>algorithmName</code> to use
when performing hashes for credentials matching.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>hashAlgorithmName</code> - the <code>Hash</code> <code>algorithmName</code>
to use when performing hashes for credentials matching.</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>1.1</dd>
</dl>
</li>
</ul>
<a id="isStoredCredentialsHexEncoded()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>isStoredCredentialsHexEncoded</h4>
<pre class="methodSignature">public&nbsp;boolean&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.192">isStoredCredentialsHexEncoded</a>()</pre>
<div class="block">Returns <code>true</code> if the system's stored credential hash is Hex encoded, <code>false</code> if it
is Base64 encoded.
<p/>
Default value is <code>true</code> for convenience - all of Shiro's <code>Hash#toString()</code>
implementations return Hex encoded values by default, making this class's use with those implementations
easier.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd><code>true</code> if the system's stored credential hash is Hex encoded, <code>false</code> if it
is Base64 encoded. Default is <code>true</code></dd>
</dl>
</li>
</ul>
<a id="setStoredCredentialsHexEncoded(boolean)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setStoredCredentialsHexEncoded</h4>
<pre class="methodSignature">public&nbsp;void&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.209">setStoredCredentialsHexEncoded</a>&#8203;(boolean&nbsp;storedCredentialsHexEncoded)</pre>
<div class="block">Sets the indicator if this system's stored credential hash is Hex encoded or not.
<p/>
A value of <code>true</code> will cause this class to decode the system credential from Hex, a
value of <code>false</code> will cause this class to decode the system credential from Base64.
<p/>
Unless overridden via this method, the default value is <code>true</code> for convenience - all of Shiro's
<code>Hash#toString()</code> implementations return Hex encoded values by default, making this class's use with
those implementations easier.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>storedCredentialsHexEncoded</code> - the indicator if this system's stored credential hash is Hex
encoded or not ('not' automatically implying it is Base64 encoded).</dd>
</dl>
</li>
</ul>
<a id="isHashSalted()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>isHashSalted</h4>
<pre class="methodSignature"><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Deprecated.html?is-external=true" title="class or interface in java.lang" class="externalLink">@Deprecated</a>
public&nbsp;boolean&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.236">isHashSalted</a>()</pre>
<div class="deprecationBlock"><span class="deprecatedLabel">Deprecated.</span>
<div class="deprecationComment">since Shiro 1.1. Hash salting is now expected to be based on if the <a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>AuthenticationInfo</code></a>
returned from the <code>Realm</code> is a <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> instance and its
<a href="../SaltedAuthenticationInfo.html#getCredentialsSalt()"><code>getCredentialsSalt()</code></a> method returns a non-null value.
This method and the 1.0 behavior still exists for backwards compatibility if the <code>Realm</code> does not return
<code>SaltedAuthenticationInfo</code> instances, but <b>it is highly recommended that <code>Realm</code> implementations
that support hashed credentials start returning <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a>
instances as soon as possible</b>.
<p/>
This is because salts should always be obtained from the stored account information and
never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for
attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user
are almost impossible to break. This method will be removed in Shiro 2.0.</div>
</div>
<div class="block">Returns <code>true</code> if a submitted <code>AuthenticationToken</code>'s credentials should be salted when hashing,
<code>false</code> if it should not be salted.
<p/>
If enabled, the salt used will be obtained via the <a href="#getSalt(org.apache.shiro.authc.AuthenticationToken)"><code>getSalt</code></a> method.
<p/>
The default value is <code>false</code>.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd><code>true</code> if a submitted <code>AuthenticationToken</code>'s credentials should be salted when hashing,
<code>false</code> if it should not be salted.</dd>
</dl>
</li>
</ul>
<a id="setHashSalted(boolean)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setHashSalted</h4>
<pre class="methodSignature"><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Deprecated.html?is-external=true" title="class or interface in java.lang" class="externalLink">@Deprecated</a>
public&nbsp;void&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.262">setHashSalted</a>&#8203;(boolean&nbsp;hashSalted)</pre>
<div class="deprecationBlock"><span class="deprecatedLabel">Deprecated.</span>
<div class="deprecationComment">since Shiro 1.1. Hash salting is now expected to be based on if the <a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>AuthenticationInfo</code></a>
returned from the <code>Realm</code> is a <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> instance and its
<a href="../SaltedAuthenticationInfo.html#getCredentialsSalt()"><code>getCredentialsSalt()</code></a> method returns a non-null value.
This method and the 1.0 behavior still exists for backwards compatibility if the <code>Realm</code> does not return
<code>SaltedAuthenticationInfo</code> instances, but <b>it is highly recommended that <code>Realm</code> implementations
that support hashed credentials start returning <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a>
instances as soon as possible</b>.
<p/>
This is because salts should always be obtained from the stored account information and
never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for
attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user
are almost impossible to break. This method will be removed in Shiro 2.0.</div>
</div>
<div class="block">Sets whether or not to salt a submitted <code>AuthenticationToken</code>'s credentials when hashing.
<p/>
If enabled, the salt used will be obtained via the <a href="#getSalt(org.apache.shiro.authc.AuthenticationToken)"><code>getCredentialsSalt</code></a> method.
</p>
The default value is <code>false</code>.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>hashSalted</code> - whether or not to salt a submitted <code>AuthenticationToken</code>'s credentials when hashing.</dd>
</dl>
</li>
</ul>
<a id="getHashIterations()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getHashIterations</h4>
<pre class="methodSignature">public&nbsp;int&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.276">getHashIterations</a>()</pre>
<div class="block">Returns the number of times a submitted <code>AuthenticationToken</code>'s credentials will be hashed before
comparing to the credentials stored in the system.
<p/>
Unless overridden, the default value is <code>1</code>, meaning a normal hash execution will occur.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the number of times a submitted <code>AuthenticationToken</code>'s credentials will be hashed before
comparing to the credentials stored in the system.</dd>
</dl>
</li>
</ul>
<a id="setHashIterations(int)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setHashIterations</h4>
<pre class="methodSignature">public&nbsp;void&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.291">setHashIterations</a>&#8203;(int&nbsp;hashIterations)</pre>
<div class="block">Sets the number of times a submitted <code>AuthenticationToken</code>'s credentials will be hashed before comparing
to the credentials stored in the system.
<p/>
Unless overridden, the default value is <code>1</code>, meaning a normal single hash execution will occur.
<p/>
If this argument is less than 1 (i.e. 0 or negative), the default value of 1 is applied. There must always be
at least 1 hash iteration (otherwise there would be no hash).</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>hashIterations</code> - the number of times to hash a submitted <code>AuthenticationToken</code>'s credentials.</dd>
</dl>
</li>
</ul>
<a id="getSalt(org.apache.shiro.authc.AuthenticationToken)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getSalt</h4>
<pre class="methodSignature"><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Deprecated.html?is-external=true" title="class or interface in java.lang" class="externalLink">@Deprecated</a>
protected&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.320">getSalt</a>&#8203;(<a href="../AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a>&nbsp;token)</pre>
<div class="deprecationBlock"><span class="deprecatedLabel">Deprecated.</span>
<div class="deprecationComment">since Shiro 1.1. Hash salting is now expected to be based on if the <a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>AuthenticationInfo</code></a>
returned from the <code>Realm</code> is a <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> instance and its
<a href="../SaltedAuthenticationInfo.html#getCredentialsSalt()"><code>getCredentialsSalt()</code></a> method returns a non-null value.
This method and the 1.0 behavior still exists for backwards compatibility if the <code>Realm</code> does not return
<code>SaltedAuthenticationInfo</code> instances, but <b>it is highly recommended that <code>Realm</code> implementations
that support hashed credentials start returning <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a>
instances as soon as possible</b>.<p/>
This is because salts should always be obtained from the stored account information and
never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for
attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user
are almost impossible to break. This method will be removed in Shiro 2.0.</div>
</div>
<div class="block">Returns a salt value used to hash the token's credentials.
<p/>
This default implementation merely returns <code>token.getPrincipal()</code>, effectively using the user's
identity (username, user id, etc) as the salt, a most common technique. If you wish to provide the
authentication token's salt another way, you may override this method.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>token</code> - the AuthenticationToken submitted during the authentication attempt.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>a salt value to use to hash the authentication token's credentials.</dd>
</dl>
</li>
</ul>
<a id="getCredentials(org.apache.shiro.authc.AuthenticationInfo)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getCredentials</h4>
<pre class="methodSignature">protected&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.344">getCredentials</a>&#8203;(<a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a>&nbsp;info)</pre>
<div class="block">Returns a <code>Hash</code> instance representing the already-hashed AuthenticationInfo credentials stored in the system.
<p/>
This method reconstructs a <code>Hash</code> instance based on a <code>info.getCredentials</code> call,
but it does <em>not</em> hash that value - it is expected that method call will return an already-hashed value.
<p/>
This implementation's reconstruction effort functions as follows:
<ol>
<li>Convert <code>account.getCredentials()</code> to a byte array via the <code>toBytes</code> method.
<li>If <code>account.getCredentials()</code> was originally a String or char[] before <code>toBytes</code> was
called, check for encoding:
<li>If <a href="#storedCredentialsHexEncoded"><code>storedCredentialsHexEncoded</code></a>, Hex decode that byte array, otherwise
Base64 decode the byte array</li>
<li>Set the byte[] array directly on the <code>Hash</code> implementation and return it.</li>
</ol></div>
<dl>
<dt><span class="overrideSpecifyLabel">Overrides:</span></dt>
<dd><code><a href="SimpleCredentialsMatcher.html#getCredentials(org.apache.shiro.authc.AuthenticationInfo)">getCredentials</a></code>&nbsp;in class&nbsp;<code><a href="SimpleCredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">SimpleCredentialsMatcher</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>info</code> - the AuthenticationInfo from which to retrieve the credentials which assumed to be in already-hashed form.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>a <code>Hash</code> instance representing the given AuthenticationInfo's stored credentials.</dd>
</dl>
</li>
</ul>
<a id="doCredentialsMatch(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.authc.AuthenticationInfo)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>doCredentialsMatch</h4>
<pre class="methodSignature">public&nbsp;boolean&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.377">doCredentialsMatch</a>&#8203;(<a href="../AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a>&nbsp;token,
<a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a>&nbsp;info)</pre>
<div class="block">This implementation first hashes the <code>token</code>'s credentials, potentially using a
<code>salt</code> if the <code>info</code> argument is a
<a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a>. It then compares the hash
against the <code>AuthenticationInfo</code>'s
<a href="#getCredentials(org.apache.shiro.authc.AuthenticationInfo)"><code>already-hashed credentials</code></a>. This method
returns <code>true</code> if those two values are <a href="SimpleCredentialsMatcher.html#equals(java.lang.Object,java.lang.Object)"><code>equal</code></a>, <code>false</code> otherwise.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="CredentialsMatcher.html#doCredentialsMatch(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.authc.AuthenticationInfo)">doCredentialsMatch</a></code>&nbsp;in interface&nbsp;<code><a href="CredentialsMatcher.html" title="interface in org.apache.shiro.authc.credential">CredentialsMatcher</a></code></dd>
<dt><span class="overrideSpecifyLabel">Overrides:</span></dt>
<dd><code><a href="SimpleCredentialsMatcher.html#doCredentialsMatch(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.authc.AuthenticationInfo)">doCredentialsMatch</a></code>&nbsp;in class&nbsp;<code><a href="SimpleCredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">SimpleCredentialsMatcher</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>token</code> - the <code>AuthenticationToken</code> submitted during the authentication attempt.</dd>
<dd><code>info</code> - the <code>AuthenticationInfo</code> stored in the system matching the token principal</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd><code>true</code> if the provided token credentials hash match to the stored account credentials hash,
<code>false</code> otherwise</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>1.1</dd>
</dl>
</li>
</ul>
<a id="hashProvidedCredentials(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.authc.AuthenticationInfo)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>hashProvidedCredentials</h4>
<pre class="methodSignature">protected&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.402">hashProvidedCredentials</a>&#8203;(<a href="../AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a>&nbsp;token,
<a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a>&nbsp;info)</pre>
<div class="block">Hash the provided <code>token</code>'s credentials using the salt stored with the account if the
<code>info</code> instance is an <code>instanceof</code> <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> (see
the class-level JavaDoc for why this is the preferred approach).
<p/>
If the <code>info</code> instance is <em>not</em>
an <code>instanceof</code> <code>SaltedAuthenticationInfo</code>, the logic will fall back to Shiro 1.0
backwards-compatible logic: it will first check to see <a href="#isHashSalted()"><code>isHashSalted</code></a> and if so, will try
to acquire the salt from <a href="#getSalt(org.apache.shiro.authc.AuthenticationToken)"><code>getSalt(AuthenticationToken)</code></a>. See the class-level
JavaDoc for why this is not recommended. This 'fallback' logic exists only for backwards-compatibility.
<code>Realm</code>s should be updated as soon as possible to return <code>SaltedAuthenticationInfo</code> instances
if account credentials salting is enabled (highly recommended for password-based systems).</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>token</code> - the submitted authentication token from which its credentials will be hashed</dd>
<dd><code>info</code> - the stored account data, potentially used to acquire a salt</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the token credentials hash</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>1.1</dd>
</dl>
</li>
</ul>
<a id="hashProvidedCredentials(java.lang.Object,java.lang.Object,int)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>hashProvidedCredentials</h4>
<pre class="methodSignature">protected&nbsp;org.apache.shiro.crypto.hash.Hash&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.443">hashProvidedCredentials</a>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;credentials,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;salt,
int&nbsp;hashIterations)</pre>
<div class="block">Hashes the provided credentials a total of <code>hashIterations</code> times, using the given salt. The hash
implementation/algorithm used is based on the <a href="#getHashAlgorithmName()"><code>hashAlgorithmName</code></a> property.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>credentials</code> - the submitted authentication token's credentials to hash</dd>
<dd><code>salt</code> - the value to salt the hash, or <code>null</code> if a salt will not be used.</dd>
<dd><code>hashIterations</code> - the number of times to hash the credentials. At least one hash will always occur though,
even if this argument is 0 or negative.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the hashed value of the provided credentials, according to the specified salt and hash iterations.</dd>
</dl>
</li>
</ul>
<a id="newHashInstance()">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>newHashInstance</h4>
<pre class="methodSignature">protected&nbsp;org.apache.shiro.crypto.hash.AbstractHash&nbsp;<a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.454">newHashInstance</a>()</pre>
<div class="block">Returns a new, <em>uninitialized</em> instance, without its byte array set. Used as a utility method in the
<a href="SimpleCredentialsMatcher.html#getCredentials(org.apache.shiro.authc.AuthenticationInfo)"><code>getCredentials(AuthenticationInfo)</code></a> implementation.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>a new, <em>uninitialized</em> instance, without its byte array set.</dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
</div>
</main>
<!-- ========= END OF CLASS DATA ========= -->
<footer role="contentinfo">
<nav role="navigation">
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a id="navbar.bottom">
<!-- -->
</a>
<div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.bottom.firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="class-use/HashedCredentialsMatcher.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li><a href="#field.summary">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</nav>
<p class="legalCopy"><small>Copyright &#169; 2004&#x2013;2020 <a href="https://www.apache.org/">The Apache Software Foundation</a>. All rights reserved.</small></p>
</footer>
</body>
</html>