Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-176

AuthenticationInfo instances should be able to return stored salt

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 0.9-RC1, 0.9, 1.0.0
    • Fix Version/s: 1.1.0
    • Component/s: None
    • Labels:
      None

      Description

      When comparing credentials hashed with a salt, the salt value should be easily accessible from the AuthenticationInfo instance. Perhaps a new SaltedAuthenticationInfo interface should be introduced (and have the UsernamePasswordToken implement this interface) in order to easily acquire a salt.

      Currently the HashedCredentialsMatcher attempts to acquire the salt from the AuthenticationToken. However, the large majority of the time, the salt will be stored with the AuthenticationInfo and it should be possible to acquire it from that.

      After adding the new interface, the HashedCredentialsMatcher will need a new method: getStoredCredentials(token, authcInfo) or something similar. The default implementation can simply call the existing getCredentials(token) method by default to retain current behavior.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                lhazlewood Les Hazlewood
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: