| <!DOCTYPE HTML> |
| <!-- NewPage --> |
| <html lang="en"> |
| <head> |
| <!-- Generated by javadoc --> |
| <title>HashedCredentialsMatcher (Apache Shiro :: Core 1.10.1 API)</title> |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> |
| <link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="Style"> |
| <link rel="stylesheet" type="text/css" href="../../../../../jquery/jquery-ui.min.css" title="Style"> |
| <link rel="stylesheet" type="text/css" href="../../../../../jquery-ui.overrides.css" title="Style"> |
| <script type="text/javascript" src="../../../../../script.js"></script> |
| <script type="text/javascript" src="../../../../../jquery/jszip/dist/jszip.min.js"></script> |
| <script type="text/javascript" src="../../../../../jquery/jszip-utils/dist/jszip-utils.min.js"></script> |
| <!--[if IE]> |
| <script type="text/javascript" src="../../../../../jquery/jszip-utils/dist/jszip-utils-ie.min.js"></script> |
| <![endif]--> |
| <script type="text/javascript" src="../../../../../jquery/jquery-3.6.0.min.js"></script> |
| <script type="text/javascript" src="../../../../../jquery/jquery-ui.min.js"></script> |
| </head> |
| <body> |
| <script type="text/javascript"><!-- |
| try { |
| if (location.href.indexOf('is-external=true') == -1) { |
| parent.document.title="HashedCredentialsMatcher (Apache Shiro :: Core 1.10.1 API)"; |
| } |
| } |
| catch(err) { |
| } |
| //--> |
| var data = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":42,"i5":10,"i6":10,"i7":42,"i8":10,"i9":10,"i10":10,"i11":10,"i12":42,"i13":10}; |
| var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"],32:["t6","Deprecated Methods"]}; |
| var altColor = "altColor"; |
| var rowColor = "rowColor"; |
| var tableTab = "tableTab"; |
| var activeTableTab = "activeTableTab"; |
| var pathtoroot = "../../../../../"; |
| var useModuleDirectories = true; |
| loadScripts(document, 'script');</script> |
| <noscript> |
| <div>JavaScript is disabled on your browser.</div> |
| </noscript> |
| <header role="banner"> |
| <nav role="navigation"> |
| <div class="fixedNav"><!-- Matomo --> <script> var _paq = window._paq = window._paq || []; /* tracker methods like "setCustomDimension" should be called before "trackPageView" */ /* We explicitly disable cookie tracking to avoid privacy issues */ _paq.push(['disableCookies']); _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u="//matomo.privacy.apache.org/"; _paq.push(['setTrackerUrl', u+'matomo.php']); _paq.push(['setSiteId', '2']); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s); })(); </script> <!-- End Matomo Code --> |
| <!-- ========= START OF TOP NAVBAR ======= --> |
| <div class="topNav"><a id="navbar.top"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div> |
| <a id="navbar.top.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../../index.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="class-use/HashedCredentialsMatcher.html">Use</a></li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList" id="allclasses_navbar_top"> |
| <li><a href="../../../../../allclasses.html">All Classes</a></li> |
| </ul> |
| <ul class="navListSearch"> |
| <li><label for="search">SEARCH:</label> |
| <input type="text" id="search" value="search" disabled="disabled"> |
| <input type="reset" id="reset" value="reset" disabled="disabled"> |
| </li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_top"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| <noscript> |
| <div>JavaScript is disabled on your browser.</div> |
| </noscript> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Nested | </li> |
| <li><a href="#field.summary">Field</a> | </li> |
| <li><a href="#constructor.summary">Constr</a> | </li> |
| <li><a href="#method.summary">Method</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li>Field | </li> |
| <li><a href="#constructor.detail">Constr</a> | </li> |
| <li><a href="#method.detail">Method</a></li> |
| </ul> |
| </div> |
| <a id="skip.navbar.top"> |
| <!-- --> |
| </a></div> |
| <!-- ========= END OF TOP NAVBAR ========= --> |
| </div> |
| <div class="navPadding"> </div> |
| <script type="text/javascript"><!-- |
| $('.navPadding').css('padding-top', $('.fixedNav').css("height")); |
| //--> |
| </script> |
| </nav> |
| </header> |
| <!-- ======== START OF CLASS DATA ======== --> |
| <main role="main"> |
| <div class="header"> |
| <div class="subTitle"><span class="packageLabelInType">Package</span> <a href="package-summary.html">org.apache.shiro.authc.credential</a></div> |
| <h2 title="Class HashedCredentialsMatcher" class="title">Class HashedCredentialsMatcher</h2> |
| </div> |
| <div class="contentContainer"> |
| <ul class="inheritance"> |
| <li><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">java.lang.Object</a></li> |
| <li> |
| <ul class="inheritance"> |
| <li>org.apache.shiro.codec.CodecSupport</li> |
| <li> |
| <ul class="inheritance"> |
| <li><a href="SimpleCredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">org.apache.shiro.authc.credential.SimpleCredentialsMatcher</a></li> |
| <li> |
| <ul class="inheritance"> |
| <li>org.apache.shiro.authc.credential.HashedCredentialsMatcher</li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <div class="description"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <dl> |
| <dt>All Implemented Interfaces:</dt> |
| <dd><code><a href="CredentialsMatcher.html" title="interface in org.apache.shiro.authc.credential">CredentialsMatcher</a></code></dd> |
| </dl> |
| <dl> |
| <dt>Direct Known Subclasses:</dt> |
| <dd><code><a href="Md2CredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">Md2CredentialsMatcher</a></code>, <code><a href="Md5CredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">Md5CredentialsMatcher</a></code>, <code><a href="Sha1CredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">Sha1CredentialsMatcher</a></code>, <code><a href="Sha256CredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">Sha256CredentialsMatcher</a></code>, <code><a href="Sha384CredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">Sha384CredentialsMatcher</a></code>, <code><a href="Sha512CredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">Sha512CredentialsMatcher</a></code></dd> |
| </dl> |
| <hr> |
| <pre>public class <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.120">HashedCredentialsMatcher</a> |
| extends <a href="SimpleCredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">SimpleCredentialsMatcher</a></pre> |
| <div class="block">A <code>HashedCredentialMatcher</code> provides support for hashing of supplied <code>AuthenticationToken</code> credentials |
| before being compared to those in the <code>AuthenticationInfo</code> from the data store. |
| <p/> |
| Credential hashing is one of the most common security techniques when safeguarding a user's private credentials |
| (passwords, keys, etc). Most developers never want to store their users' credentials in plain form, viewable by |
| anyone, so they often hash the users' credentials before they are saved in the data store. |
| <p/> |
| This class (and its subclasses) function as follows: |
| <ol> |
| <li>Hash the <code>AuthenticationToken</code> credentials supplied by the user during their login.</li> |
| <li>Compare this hashed value directly with the <code>AuthenticationInfo</code> credentials stored in the system |
| (the stored account credentials are expected to already be in hashed form).</li> |
| <li>If these two values are <a href="SimpleCredentialsMatcher.html#equals(java.lang.Object,java.lang.Object)"><code>equal</code></a>, the submitted credentials match, otherwise |
| they do not.</li> |
| </ol> |
| <h2>Salting and Multiple Hash Iterations</h2> |
| Because simple hashing is usually not good enough for secure applications, this class also supports 'salting' |
| and multiple hash iterations. Please read this excellent |
| <a href="http://www.owasp.org/index.php/Hashing_Java" _target="blank">Hashing Java article</a> to learn about |
| salting and multiple iterations and why you might want to use them. (Note of sections 5 |
| "Why add salt?" and 6 "Hardening against the attacker's attack"). We should also note here that all of |
| Shiro's Hash implementations (for example, <code>Md5Hash</code>, |
| <code>Sha1Hash</code>, etc) support salting and multiple hash iterations via |
| overloaded constructors. |
| <h4>Real World Case Study</h4> |
| In April 2010, some public Atlassian Jira and Confluence |
| installations (Apache Software Foundation, Codehaus, etc) were the target of account attacks and user accounts |
| were compromised. The reason? Jira and Confluence at the time did not salt user passwords and attackers were |
| able to use dictionary attacks to compromise user accounts (Atlassian has since |
| <a href="http://blogs.atlassian.com/news/2010/04/oh_man_what_a_day_an_update_on_our_security_breach.html"> |
| fixed the problem</a> of course). |
| <p/> |
| The lesson? |
| <p/> |
| <b>ALWAYS, ALWAYS, ALWAYS SALT USER PASSWORDS!</b> |
| <p/> |
| <h3>Salting</h3> |
| Prior to Shiro 1.1, salts could be obtained based on the end-user submitted |
| <a href="../AuthenticationToken.html" title="interface in org.apache.shiro.authc"><code>AuthenticationToken</code></a> via the now-deprecated |
| <a href="#getSalt(org.apache.shiro.authc.AuthenticationToken)"><code>getSalt(AuthenticationToken)</code></a> method. This however |
| could constitute a security hole since ideally salts should never be obtained based on what a user can submit. |
| User-submitted salt mechanisms are <em>much</em> more susceptible to dictionary attacks and <b>SHOULD NOT</b> be |
| used in secure systems. Instead salts should ideally be a secure randomly-generated number that is generated when |
| the user account is created. The secure number should never be disseminated to the user and always kept private |
| by the application. |
| <h4>Shiro 1.1</h4> |
| As of Shiro 1.1, it is expected that any salt used to hash the submitted credentials will be obtained from the |
| stored account information (represented as an <a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>AuthenticationInfo</code></a> instance). This is much |
| more secure because the salt value remains private to the application (Shiro will never store this value). |
| <p/> |
| To enable this, <code>Realm</code>s should return <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> instances |
| during authentication. <code>HashedCredentialsMatcher</code> implementations will then use the provided |
| <a href="../SaltedAuthenticationInfo.html#getCredentialsSalt()"><code>credentialsSalt</code></a> for hashing. To avoid |
| security risks, |
| <b>it is highly recommended that any existing <code>Realm</code> implementations that support hashed credentials are |
| updated to return <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> instances as soon as possible</b>. |
| <h4>Shiro 1.0 Backwards Compatibility</h4> |
| Because of the identified security risk, <code>Realm</code> implementations that support credentials hashing should |
| be updated to return <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> instances as |
| soon as possible. |
| <p/> |
| If this is not possible for some reason, this class will retain 1.0 backwards-compatible behavior of obtaining |
| the salt via the now-deprecated <a href="#getSalt(org.apache.shiro.authc.AuthenticationToken)"><code>getSalt(AuthenticationToken)</code></a> method. This |
| method will only be invoked if a <code>Realm</code> <em>does not</em> return |
| <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAutenticationInfo</code></a> instances and <a href="#isHashSalted()"><code>hashSalted</code></a> is |
| <code>true</code>. |
| But please note that the <a href="#isHashSalted()"><code>hashSalted</code></a> property and the |
| <a href="#getSalt(org.apache.shiro.authc.AuthenticationToken)"><code>getSalt(AuthenticationToken)</code></a> methods will be removed before the Shiro 2.0 |
| release. |
| <h3>Multiple Hash Iterations</h3> |
| If you hash your users' credentials multiple times before persisting to the data store, you will also need to |
| set this class's <a href="#setHashIterations(int)"><code>hashIterations</code></a> property. See the |
| <a href="http://www.owasp.org/index.php/Hashing_Java" _target="blank">Hashing Java article</a>'s |
| <a href="http://www.owasp.org/index.php/Hashing_Java#Hardening_against_the_attacker.27s_attack"> |
| "Hardening against the attacker's attack"</a> section to learn more about why you might want to use |
| multiple hash iterations. |
| <h2>MD5 & SHA-1 Notice</h2> |
| <a href="http://en.wikipedia.org/wiki/MD5">MD5</a> and |
| <a href="http://en.wikipedia.org/wiki/SHA_hash_functions">SHA-1</a> algorithms are now known to be vulnerable to |
| compromise and/or collisions (read the linked pages for more). While most applications are ok with either of these |
| two, if your application mandates high security, use the SHA-256 (or higher) hashing algorithms and their |
| supporting <code>CredentialsMatcher</code> implementations.</div> |
| <dl> |
| <dt><span class="simpleTagLabel">Since:</span></dt> |
| <dd>0.9</dd> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><code>Md5Hash</code>, |
| <code>Sha1Hash</code>, |
| <code>Sha256Hash</code></dd> |
| </dl> |
| </li> |
| </ul> |
| </div> |
| <div class="summary"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- =========== FIELD SUMMARY =========== --> |
| <section> |
| <ul class="blockList"> |
| <li class="blockList"><a id="field.summary"> |
| <!-- --> |
| </a> |
| <h3>Field Summary</h3> |
| <ul class="blockList"> |
| <li class="blockList"><a id="fields.inherited.from.class.org.apache.shiro.codec.CodecSupport"> |
| <!-- --> |
| </a> |
| <h3>Fields inherited from class org.apache.shiro.codec.CodecSupport</h3> |
| <code>PREFERRED_ENCODING</code></li> |
| </ul> |
| </li> |
| </ul> |
| </section> |
| <!-- ======== CONSTRUCTOR SUMMARY ======== --> |
| <section> |
| <ul class="blockList"> |
| <li class="blockList"><a id="constructor.summary"> |
| <!-- --> |
| </a> |
| <h3>Constructor Summary</h3> |
| <table class="memberSummary"> |
| <caption><span>Constructors</span><span class="tabEnd"> </span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Constructor</th> |
| <th class="colLast" scope="col">Description</th> |
| </tr> |
| <tr class="altColor"> |
| <th class="colConstructorName" scope="row"><code><span class="memberNameLink"><a href="#%3Cinit%3E()">HashedCredentialsMatcher</a></span>()</code></th> |
| <td class="colLast"> |
| <div class="block">JavaBeans-compatible no-arg constructor intended for use in IoC/Dependency Injection environments.</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <th class="colConstructorName" scope="row"><code><span class="memberNameLink"><a href="#%3Cinit%3E(java.lang.String)">HashedCredentialsMatcher</a></span>​(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a> hashAlgorithmName)</code></th> |
| <td class="colLast"> |
| <div class="block">Creates an instance using the specified <a href="#getHashAlgorithmName()"><code>hashAlgorithmName</code></a> to hash submitted |
| credentials.</div> |
| </td> |
| </tr> |
| </table> |
| </li> |
| </ul> |
| </section> |
| <!-- ========== METHOD SUMMARY =========== --> |
| <section> |
| <ul class="blockList"> |
| <li class="blockList"><a id="method.summary"> |
| <!-- --> |
| </a> |
| <h3>Method Summary</h3> |
| <table class="memberSummary"> |
| <caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd"> </span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd"> </span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd"> </span></span><span id="t6" class="tableTab"><span><a href="javascript:show(32);">Deprecated Methods</a></span><span class="tabEnd"> </span></span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Modifier and Type</th> |
| <th class="colSecond" scope="col">Method</th> |
| <th class="colLast" scope="col">Description</th> |
| </tr> |
| <tr id="i0" class="altColor"> |
| <td class="colFirst"><code>boolean</code></td> |
| <th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#doCredentialsMatch(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.authc.AuthenticationInfo)">doCredentialsMatch</a></span>​(<a href="../AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a> token, |
| <a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a> info)</code></th> |
| <td class="colLast"> |
| <div class="block">This implementation first hashes the <code>token</code>'s credentials, potentially using a |
| <code>salt</code> if the <code>info</code> argument is a |
| <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a>.</div> |
| </td> |
| </tr> |
| <tr id="i1" class="rowColor"> |
| <td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a></code></td> |
| <th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getCredentials(org.apache.shiro.authc.AuthenticationInfo)">getCredentials</a></span>​(<a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a> info)</code></th> |
| <td class="colLast"> |
| <div class="block">Returns a <code>Hash</code> instance representing the already-hashed AuthenticationInfo credentials stored in the system.</div> |
| </td> |
| </tr> |
| <tr id="i2" class="altColor"> |
| <td class="colFirst"><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a></code></td> |
| <th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getHashAlgorithmName()">getHashAlgorithmName</a></span>()</code></th> |
| <td class="colLast"> |
| <div class="block">Returns the <code>Hash</code> <code>algorithmName</code> to use |
| when performing hashes for credentials matching.</div> |
| </td> |
| </tr> |
| <tr id="i3" class="rowColor"> |
| <td class="colFirst"><code>int</code></td> |
| <th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getHashIterations()">getHashIterations</a></span>()</code></th> |
| <td class="colLast"> |
| <div class="block">Returns the number of times a submitted <code>AuthenticationToken</code>'s credentials will be hashed before |
| comparing to the credentials stored in the system.</div> |
| </td> |
| </tr> |
| <tr id="i4" class="altColor"> |
| <td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a></code></td> |
| <th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getSalt(org.apache.shiro.authc.AuthenticationToken)">getSalt</a></span>​(<a href="../AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a> token)</code></th> |
| <td class="colLast"> |
| <div class="block"><span class="deprecatedLabel">Deprecated.</span> |
| <div class="deprecationComment">since Shiro 1.1.</div> |
| </div> |
| </td> |
| </tr> |
| <tr id="i5" class="rowColor"> |
| <td class="colFirst"><code>protected org.apache.shiro.crypto.hash.Hash</code></td> |
| <th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#hashProvidedCredentials(java.lang.Object,java.lang.Object,int)">hashProvidedCredentials</a></span>​(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a> credentials, |
| <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a> salt, |
| int hashIterations)</code></th> |
| <td class="colLast"> |
| <div class="block">Hashes the provided credentials a total of <code>hashIterations</code> times, using the given salt.</div> |
| </td> |
| </tr> |
| <tr id="i6" class="altColor"> |
| <td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a></code></td> |
| <th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#hashProvidedCredentials(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.authc.AuthenticationInfo)">hashProvidedCredentials</a></span>​(<a href="../AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a> token, |
| <a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a> info)</code></th> |
| <td class="colLast"> |
| <div class="block">Hash the provided <code>token</code>'s credentials using the salt stored with the account if the |
| <code>info</code> instance is an <code>instanceof</code> <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> (see |
| the class-level JavaDoc for why this is the preferred approach).</div> |
| </td> |
| </tr> |
| <tr id="i7" class="rowColor"> |
| <td class="colFirst"><code>boolean</code></td> |
| <th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#isHashSalted()">isHashSalted</a></span>()</code></th> |
| <td class="colLast"> |
| <div class="block"><span class="deprecatedLabel">Deprecated.</span> |
| <div class="deprecationComment">since Shiro 1.1.</div> |
| </div> |
| </td> |
| </tr> |
| <tr id="i8" class="altColor"> |
| <td class="colFirst"><code>boolean</code></td> |
| <th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#isStoredCredentialsHexEncoded()">isStoredCredentialsHexEncoded</a></span>()</code></th> |
| <td class="colLast"> |
| <div class="block">Returns <code>true</code> if the system's stored credential hash is Hex encoded, <code>false</code> if it |
| is Base64 encoded.</div> |
| </td> |
| </tr> |
| <tr id="i9" class="rowColor"> |
| <td class="colFirst"><code>protected org.apache.shiro.crypto.hash.AbstractHash</code></td> |
| <th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#newHashInstance()">newHashInstance</a></span>()</code></th> |
| <td class="colLast"> |
| <div class="block">Returns a new, <em>uninitialized</em> instance, without its byte array set.</div> |
| </td> |
| </tr> |
| <tr id="i10" class="altColor"> |
| <td class="colFirst"><code>void</code></td> |
| <th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#setHashAlgorithmName(java.lang.String)">setHashAlgorithmName</a></span>​(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a> hashAlgorithmName)</code></th> |
| <td class="colLast"> |
| <div class="block">Sets the <code>Hash</code> <code>algorithmName</code> to use |
| when performing hashes for credentials matching.</div> |
| </td> |
| </tr> |
| <tr id="i11" class="rowColor"> |
| <td class="colFirst"><code>void</code></td> |
| <th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#setHashIterations(int)">setHashIterations</a></span>​(int hashIterations)</code></th> |
| <td class="colLast"> |
| <div class="block">Sets the number of times a submitted <code>AuthenticationToken</code>'s credentials will be hashed before comparing |
| to the credentials stored in the system.</div> |
| </td> |
| </tr> |
| <tr id="i12" class="altColor"> |
| <td class="colFirst"><code>void</code></td> |
| <th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#setHashSalted(boolean)">setHashSalted</a></span>​(boolean hashSalted)</code></th> |
| <td class="colLast"> |
| <div class="block"><span class="deprecatedLabel">Deprecated.</span> |
| <div class="deprecationComment">since Shiro 1.1.</div> |
| </div> |
| </td> |
| </tr> |
| <tr id="i13" class="rowColor"> |
| <td class="colFirst"><code>void</code></td> |
| <th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#setStoredCredentialsHexEncoded(boolean)">setStoredCredentialsHexEncoded</a></span>​(boolean storedCredentialsHexEncoded)</code></th> |
| <td class="colLast"> |
| <div class="block">Sets the indicator if this system's stored credential hash is Hex encoded or not.</div> |
| </td> |
| </tr> |
| </table> |
| <ul class="blockList"> |
| <li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.authc.credential.SimpleCredentialsMatcher"> |
| <!-- --> |
| </a> |
| <h3>Methods inherited from class org.apache.shiro.authc.credential.<a href="SimpleCredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">SimpleCredentialsMatcher</a></h3> |
| <code><a href="SimpleCredentialsMatcher.html#equals(java.lang.Object,java.lang.Object)">equals</a>, <a href="SimpleCredentialsMatcher.html#getCredentials(org.apache.shiro.authc.AuthenticationToken)">getCredentials</a></code></li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.codec.CodecSupport"> |
| <!-- --> |
| </a> |
| <h3>Methods inherited from class org.apache.shiro.codec.CodecSupport</h3> |
| <code>isByteSource, objectToBytes, objectToString, toBytes, toBytes, toBytes, toBytes, toBytes, toBytes, toBytes, toChars, toChars, toString, toString, toString</code></li> |
| </ul> |
| <ul class="blockList"> |
| <li class="blockList"><a id="methods.inherited.from.class.java.lang.Object"> |
| <!-- --> |
| </a> |
| <h3>Methods inherited from class java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a></h3> |
| <code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone()" title="class or interface in java.lang" class="externalLink">clone</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#equals(java.lang.Object)" title="class or interface in java.lang" class="externalLink">equals</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize()" title="class or interface in java.lang" class="externalLink">finalize</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#getClass()" title="class or interface in java.lang" class="externalLink">getClass</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#hashCode()" title="class or interface in java.lang" class="externalLink">hashCode</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notify()" title="class or interface in java.lang" class="externalLink">notify</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notifyAll()" title="class or interface in java.lang" class="externalLink">notifyAll</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#toString()" title="class or interface in java.lang" class="externalLink">toString</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait()" title="class or interface in java.lang" class="externalLink">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait(long)" title="class or interface in java.lang" class="externalLink">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait(long,int)" title="class or interface in java.lang" class="externalLink">wait</a></code></li> |
| </ul> |
| </li> |
| </ul> |
| </section> |
| </li> |
| </ul> |
| </div> |
| <div class="details"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ========= CONSTRUCTOR DETAIL ======== --> |
| <section> |
| <ul class="blockList"> |
| <li class="blockList"><a id="constructor.detail"> |
| <!-- --> |
| </a> |
| <h3>Constructor Detail</h3> |
| <a id="<init>()"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>HashedCredentialsMatcher</h4> |
| <pre>public <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.135">HashedCredentialsMatcher</a>()</pre> |
| <div class="block">JavaBeans-compatible no-arg constructor intended for use in IoC/Dependency Injection environments. If you |
| use this constructor, you <em>MUST</em> also additionally set the |
| <a href="#setHashAlgorithmName(java.lang.String)"><code>hashAlgorithmName</code></a> property.</div> |
| </li> |
| </ul> |
| <a id="<init>(java.lang.String)"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>HashedCredentialsMatcher</h4> |
| <pre>public <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.149">HashedCredentialsMatcher</a>​(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a> hashAlgorithmName)</pre> |
| <div class="block">Creates an instance using the specified <a href="#getHashAlgorithmName()"><code>hashAlgorithmName</code></a> to hash submitted |
| credentials.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>hashAlgorithmName</code> - the <code>Hash</code> <code>algorithmName</code> |
| to use when performing hashes for credentials matching.</dd> |
| <dt><span class="simpleTagLabel">Since:</span></dt> |
| <dd>1.1</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </section> |
| <!-- ============ METHOD DETAIL ========== --> |
| <section> |
| <ul class="blockList"> |
| <li class="blockList"><a id="method.detail"> |
| <!-- --> |
| </a> |
| <h3>Method Detail</h3> |
| <a id="getHashAlgorithmName()"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>getHashAlgorithmName</h4> |
| <pre class="methodSignature">public <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a> <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.165">getHashAlgorithmName</a>()</pre> |
| <div class="block">Returns the <code>Hash</code> <code>algorithmName</code> to use |
| when performing hashes for credentials matching.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>the <code>Hash</code> <code>algorithmName</code> to use |
| when performing hashes for credentials matching.</dd> |
| <dt><span class="simpleTagLabel">Since:</span></dt> |
| <dd>1.1</dd> |
| </dl> |
| </li> |
| </ul> |
| <a id="setHashAlgorithmName(java.lang.String)"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>setHashAlgorithmName</h4> |
| <pre class="methodSignature">public void <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.177">setHashAlgorithmName</a>​(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a> hashAlgorithmName)</pre> |
| <div class="block">Sets the <code>Hash</code> <code>algorithmName</code> to use |
| when performing hashes for credentials matching.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>hashAlgorithmName</code> - the <code>Hash</code> <code>algorithmName</code> |
| to use when performing hashes for credentials matching.</dd> |
| <dt><span class="simpleTagLabel">Since:</span></dt> |
| <dd>1.1</dd> |
| </dl> |
| </li> |
| </ul> |
| <a id="isStoredCredentialsHexEncoded()"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>isStoredCredentialsHexEncoded</h4> |
| <pre class="methodSignature">public boolean <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.192">isStoredCredentialsHexEncoded</a>()</pre> |
| <div class="block">Returns <code>true</code> if the system's stored credential hash is Hex encoded, <code>false</code> if it |
| is Base64 encoded. |
| <p/> |
| Default value is <code>true</code> for convenience - all of Shiro's <code>Hash#toString()</code> |
| implementations return Hex encoded values by default, making this class's use with those implementations |
| easier.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd><code>true</code> if the system's stored credential hash is Hex encoded, <code>false</code> if it |
| is Base64 encoded. Default is <code>true</code></dd> |
| </dl> |
| </li> |
| </ul> |
| <a id="setStoredCredentialsHexEncoded(boolean)"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>setStoredCredentialsHexEncoded</h4> |
| <pre class="methodSignature">public void <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.209">setStoredCredentialsHexEncoded</a>​(boolean storedCredentialsHexEncoded)</pre> |
| <div class="block">Sets the indicator if this system's stored credential hash is Hex encoded or not. |
| <p/> |
| A value of <code>true</code> will cause this class to decode the system credential from Hex, a |
| value of <code>false</code> will cause this class to decode the system credential from Base64. |
| <p/> |
| Unless overridden via this method, the default value is <code>true</code> for convenience - all of Shiro's |
| <code>Hash#toString()</code> implementations return Hex encoded values by default, making this class's use with |
| those implementations easier.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>storedCredentialsHexEncoded</code> - the indicator if this system's stored credential hash is Hex |
| encoded or not ('not' automatically implying it is Base64 encoded).</dd> |
| </dl> |
| </li> |
| </ul> |
| <a id="isHashSalted()"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>isHashSalted</h4> |
| <pre class="methodSignature"><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Deprecated.html?is-external=true" title="class or interface in java.lang" class="externalLink">@Deprecated</a> |
| public boolean <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.236">isHashSalted</a>()</pre> |
| <div class="deprecationBlock"><span class="deprecatedLabel">Deprecated.</span> |
| <div class="deprecationComment">since Shiro 1.1. Hash salting is now expected to be based on if the <a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>AuthenticationInfo</code></a> |
| returned from the <code>Realm</code> is a <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> instance and its |
| <a href="../SaltedAuthenticationInfo.html#getCredentialsSalt()"><code>getCredentialsSalt()</code></a> method returns a non-null value. |
| This method and the 1.0 behavior still exists for backwards compatibility if the <code>Realm</code> does not return |
| <code>SaltedAuthenticationInfo</code> instances, but <b>it is highly recommended that <code>Realm</code> implementations |
| that support hashed credentials start returning <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> |
| instances as soon as possible</b>. |
| <p/> |
| This is because salts should always be obtained from the stored account information and |
| never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for |
| attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user |
| are almost impossible to break. This method will be removed in Shiro 2.0.</div> |
| </div> |
| <div class="block">Returns <code>true</code> if a submitted <code>AuthenticationToken</code>'s credentials should be salted when hashing, |
| <code>false</code> if it should not be salted. |
| <p/> |
| If enabled, the salt used will be obtained via the <a href="#getSalt(org.apache.shiro.authc.AuthenticationToken)"><code>getSalt</code></a> method. |
| <p/> |
| The default value is <code>false</code>.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd><code>true</code> if a submitted <code>AuthenticationToken</code>'s credentials should be salted when hashing, |
| <code>false</code> if it should not be salted.</dd> |
| </dl> |
| </li> |
| </ul> |
| <a id="setHashSalted(boolean)"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>setHashSalted</h4> |
| <pre class="methodSignature"><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Deprecated.html?is-external=true" title="class or interface in java.lang" class="externalLink">@Deprecated</a> |
| public void <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.262">setHashSalted</a>​(boolean hashSalted)</pre> |
| <div class="deprecationBlock"><span class="deprecatedLabel">Deprecated.</span> |
| <div class="deprecationComment">since Shiro 1.1. Hash salting is now expected to be based on if the <a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>AuthenticationInfo</code></a> |
| returned from the <code>Realm</code> is a <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> instance and its |
| <a href="../SaltedAuthenticationInfo.html#getCredentialsSalt()"><code>getCredentialsSalt()</code></a> method returns a non-null value. |
| This method and the 1.0 behavior still exists for backwards compatibility if the <code>Realm</code> does not return |
| <code>SaltedAuthenticationInfo</code> instances, but <b>it is highly recommended that <code>Realm</code> implementations |
| that support hashed credentials start returning <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> |
| instances as soon as possible</b>. |
| <p/> |
| This is because salts should always be obtained from the stored account information and |
| never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for |
| attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user |
| are almost impossible to break. This method will be removed in Shiro 2.0.</div> |
| </div> |
| <div class="block">Sets whether or not to salt a submitted <code>AuthenticationToken</code>'s credentials when hashing. |
| <p/> |
| If enabled, the salt used will be obtained via the <a href="#getSalt(org.apache.shiro.authc.AuthenticationToken)"><code>getCredentialsSalt</code></a> method. |
| </p> |
| The default value is <code>false</code>.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>hashSalted</code> - whether or not to salt a submitted <code>AuthenticationToken</code>'s credentials when hashing.</dd> |
| </dl> |
| </li> |
| </ul> |
| <a id="getHashIterations()"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>getHashIterations</h4> |
| <pre class="methodSignature">public int <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.276">getHashIterations</a>()</pre> |
| <div class="block">Returns the number of times a submitted <code>AuthenticationToken</code>'s credentials will be hashed before |
| comparing to the credentials stored in the system. |
| <p/> |
| Unless overridden, the default value is <code>1</code>, meaning a normal hash execution will occur.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>the number of times a submitted <code>AuthenticationToken</code>'s credentials will be hashed before |
| comparing to the credentials stored in the system.</dd> |
| </dl> |
| </li> |
| </ul> |
| <a id="setHashIterations(int)"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>setHashIterations</h4> |
| <pre class="methodSignature">public void <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.291">setHashIterations</a>​(int hashIterations)</pre> |
| <div class="block">Sets the number of times a submitted <code>AuthenticationToken</code>'s credentials will be hashed before comparing |
| to the credentials stored in the system. |
| <p/> |
| Unless overridden, the default value is <code>1</code>, meaning a normal single hash execution will occur. |
| <p/> |
| If this argument is less than 1 (i.e. 0 or negative), the default value of 1 is applied. There must always be |
| at least 1 hash iteration (otherwise there would be no hash).</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>hashIterations</code> - the number of times to hash a submitted <code>AuthenticationToken</code>'s credentials.</dd> |
| </dl> |
| </li> |
| </ul> |
| <a id="getSalt(org.apache.shiro.authc.AuthenticationToken)"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>getSalt</h4> |
| <pre class="methodSignature"><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Deprecated.html?is-external=true" title="class or interface in java.lang" class="externalLink">@Deprecated</a> |
| protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a> <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.320">getSalt</a>​(<a href="../AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a> token)</pre> |
| <div class="deprecationBlock"><span class="deprecatedLabel">Deprecated.</span> |
| <div class="deprecationComment">since Shiro 1.1. Hash salting is now expected to be based on if the <a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>AuthenticationInfo</code></a> |
| returned from the <code>Realm</code> is a <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> instance and its |
| <a href="../SaltedAuthenticationInfo.html#getCredentialsSalt()"><code>getCredentialsSalt()</code></a> method returns a non-null value. |
| This method and the 1.0 behavior still exists for backwards compatibility if the <code>Realm</code> does not return |
| <code>SaltedAuthenticationInfo</code> instances, but <b>it is highly recommended that <code>Realm</code> implementations |
| that support hashed credentials start returning <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> |
| instances as soon as possible</b>.<p/> |
| This is because salts should always be obtained from the stored account information and |
| never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for |
| attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user |
| are almost impossible to break. This method will be removed in Shiro 2.0.</div> |
| </div> |
| <div class="block">Returns a salt value used to hash the token's credentials. |
| <p/> |
| This default implementation merely returns <code>token.getPrincipal()</code>, effectively using the user's |
| identity (username, user id, etc) as the salt, a most common technique. If you wish to provide the |
| authentication token's salt another way, you may override this method.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>token</code> - the AuthenticationToken submitted during the authentication attempt.</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>a salt value to use to hash the authentication token's credentials.</dd> |
| </dl> |
| </li> |
| </ul> |
| <a id="getCredentials(org.apache.shiro.authc.AuthenticationInfo)"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>getCredentials</h4> |
| <pre class="methodSignature">protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a> <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.344">getCredentials</a>​(<a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a> info)</pre> |
| <div class="block">Returns a <code>Hash</code> instance representing the already-hashed AuthenticationInfo credentials stored in the system. |
| <p/> |
| This method reconstructs a <code>Hash</code> instance based on a <code>info.getCredentials</code> call, |
| but it does <em>not</em> hash that value - it is expected that method call will return an already-hashed value. |
| <p/> |
| This implementation's reconstruction effort functions as follows: |
| <ol> |
| <li>Convert <code>account.getCredentials()</code> to a byte array via the <code>toBytes</code> method. |
| <li>If <code>account.getCredentials()</code> was originally a String or char[] before <code>toBytes</code> was |
| called, check for encoding: |
| <li>If <a href="#storedCredentialsHexEncoded"><code>storedCredentialsHexEncoded</code></a>, Hex decode that byte array, otherwise |
| Base64 decode the byte array</li> |
| <li>Set the byte[] array directly on the <code>Hash</code> implementation and return it.</li> |
| </ol></div> |
| <dl> |
| <dt><span class="overrideSpecifyLabel">Overrides:</span></dt> |
| <dd><code><a href="SimpleCredentialsMatcher.html#getCredentials(org.apache.shiro.authc.AuthenticationInfo)">getCredentials</a></code> in class <code><a href="SimpleCredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">SimpleCredentialsMatcher</a></code></dd> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>info</code> - the AuthenticationInfo from which to retrieve the credentials which assumed to be in already-hashed form.</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>a <code>Hash</code> instance representing the given AuthenticationInfo's stored credentials.</dd> |
| </dl> |
| </li> |
| </ul> |
| <a id="doCredentialsMatch(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.authc.AuthenticationInfo)"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>doCredentialsMatch</h4> |
| <pre class="methodSignature">public boolean <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.377">doCredentialsMatch</a>​(<a href="../AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a> token, |
| <a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a> info)</pre> |
| <div class="block">This implementation first hashes the <code>token</code>'s credentials, potentially using a |
| <code>salt</code> if the <code>info</code> argument is a |
| <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a>. It then compares the hash |
| against the <code>AuthenticationInfo</code>'s |
| <a href="#getCredentials(org.apache.shiro.authc.AuthenticationInfo)"><code>already-hashed credentials</code></a>. This method |
| returns <code>true</code> if those two values are <a href="SimpleCredentialsMatcher.html#equals(java.lang.Object,java.lang.Object)"><code>equal</code></a>, <code>false</code> otherwise.</div> |
| <dl> |
| <dt><span class="overrideSpecifyLabel">Specified by:</span></dt> |
| <dd><code><a href="CredentialsMatcher.html#doCredentialsMatch(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.authc.AuthenticationInfo)">doCredentialsMatch</a></code> in interface <code><a href="CredentialsMatcher.html" title="interface in org.apache.shiro.authc.credential">CredentialsMatcher</a></code></dd> |
| <dt><span class="overrideSpecifyLabel">Overrides:</span></dt> |
| <dd><code><a href="SimpleCredentialsMatcher.html#doCredentialsMatch(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.authc.AuthenticationInfo)">doCredentialsMatch</a></code> in class <code><a href="SimpleCredentialsMatcher.html" title="class in org.apache.shiro.authc.credential">SimpleCredentialsMatcher</a></code></dd> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>token</code> - the <code>AuthenticationToken</code> submitted during the authentication attempt.</dd> |
| <dd><code>info</code> - the <code>AuthenticationInfo</code> stored in the system matching the token principal</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd><code>true</code> if the provided token credentials hash match to the stored account credentials hash, |
| <code>false</code> otherwise</dd> |
| <dt><span class="simpleTagLabel">Since:</span></dt> |
| <dd>1.1</dd> |
| </dl> |
| </li> |
| </ul> |
| <a id="hashProvidedCredentials(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.authc.AuthenticationInfo)"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>hashProvidedCredentials</h4> |
| <pre class="methodSignature">protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a> <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.402">hashProvidedCredentials</a>​(<a href="../AuthenticationToken.html" title="interface in org.apache.shiro.authc">AuthenticationToken</a> token, |
| <a href="../AuthenticationInfo.html" title="interface in org.apache.shiro.authc">AuthenticationInfo</a> info)</pre> |
| <div class="block">Hash the provided <code>token</code>'s credentials using the salt stored with the account if the |
| <code>info</code> instance is an <code>instanceof</code> <a href="../SaltedAuthenticationInfo.html" title="interface in org.apache.shiro.authc"><code>SaltedAuthenticationInfo</code></a> (see |
| the class-level JavaDoc for why this is the preferred approach). |
| <p/> |
| If the <code>info</code> instance is <em>not</em> |
| an <code>instanceof</code> <code>SaltedAuthenticationInfo</code>, the logic will fall back to Shiro 1.0 |
| backwards-compatible logic: it will first check to see <a href="#isHashSalted()"><code>isHashSalted</code></a> and if so, will try |
| to acquire the salt from <a href="#getSalt(org.apache.shiro.authc.AuthenticationToken)"><code>getSalt(AuthenticationToken)</code></a>. See the class-level |
| JavaDoc for why this is not recommended. This 'fallback' logic exists only for backwards-compatibility. |
| <code>Realm</code>s should be updated as soon as possible to return <code>SaltedAuthenticationInfo</code> instances |
| if account credentials salting is enabled (highly recommended for password-based systems).</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>token</code> - the submitted authentication token from which its credentials will be hashed</dd> |
| <dd><code>info</code> - the stored account data, potentially used to acquire a salt</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>the token credentials hash</dd> |
| <dt><span class="simpleTagLabel">Since:</span></dt> |
| <dd>1.1</dd> |
| </dl> |
| </li> |
| </ul> |
| <a id="hashProvidedCredentials(java.lang.Object,java.lang.Object,int)"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>hashProvidedCredentials</h4> |
| <pre class="methodSignature">protected org.apache.shiro.crypto.hash.Hash <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.443">hashProvidedCredentials</a>​(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a> credentials, |
| <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a> salt, |
| int hashIterations)</pre> |
| <div class="block">Hashes the provided credentials a total of <code>hashIterations</code> times, using the given salt. The hash |
| implementation/algorithm used is based on the <a href="#getHashAlgorithmName()"><code>hashAlgorithmName</code></a> property.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>credentials</code> - the submitted authentication token's credentials to hash</dd> |
| <dd><code>salt</code> - the value to salt the hash, or <code>null</code> if a salt will not be used.</dd> |
| <dd><code>hashIterations</code> - the number of times to hash the credentials. At least one hash will always occur though, |
| even if this argument is 0 or negative.</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>the hashed value of the provided credentials, according to the specified salt and hash iterations.</dd> |
| </dl> |
| </li> |
| </ul> |
| <a id="newHashInstance()"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>newHashInstance</h4> |
| <pre class="methodSignature">protected org.apache.shiro.crypto.hash.AbstractHash <a href="../../../../../src-html/org/apache/shiro/authc/credential/HashedCredentialsMatcher.html#line.454">newHashInstance</a>()</pre> |
| <div class="block">Returns a new, <em>uninitialized</em> instance, without its byte array set. Used as a utility method in the |
| <a href="SimpleCredentialsMatcher.html#getCredentials(org.apache.shiro.authc.AuthenticationInfo)"><code>getCredentials(AuthenticationInfo)</code></a> implementation.</div> |
| <dl> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>a new, <em>uninitialized</em> instance, without its byte array set.</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </section> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </main> |
| <!-- ========= END OF CLASS DATA ========= --> |
| <footer role="contentinfo"> |
| <nav role="navigation"> |
| <!-- ======= START OF BOTTOM NAVBAR ====== --> |
| <div class="bottomNav"><a id="navbar.bottom"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div> |
| <a id="navbar.bottom.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../../index.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="class-use/HashedCredentialsMatcher.html">Use</a></li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList" id="allclasses_navbar_bottom"> |
| <li><a href="../../../../../allclasses.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_bottom"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| <noscript> |
| <div>JavaScript is disabled on your browser.</div> |
| </noscript> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Nested | </li> |
| <li><a href="#field.summary">Field</a> | </li> |
| <li><a href="#constructor.summary">Constr</a> | </li> |
| <li><a href="#method.summary">Method</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li>Field | </li> |
| <li><a href="#constructor.detail">Constr</a> | </li> |
| <li><a href="#method.detail">Method</a></li> |
| </ul> |
| </div> |
| <a id="skip.navbar.bottom"> |
| <!-- --> |
| </a></div> |
| <!-- ======== END OF BOTTOM NAVBAR ======= --> |
| </nav> |
| <p class="legalCopy"><small>Copyright © 2004–2022 <a href="https://www.apache.org/">The Apache Software Foundation</a>. All rights reserved.</small></p> |
| </footer> |
| </body> |
| </html> |