Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-176

AuthenticationInfo instances should be able to return stored salt

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • 0.9-RC1, 0.9, 1.0.0
    • 1.1.0
    • None
    • None

    Description

      When comparing credentials hashed with a salt, the salt value should be easily accessible from the AuthenticationInfo instance. Perhaps a new SaltedAuthenticationInfo interface should be introduced (and have the UsernamePasswordToken implement this interface) in order to easily acquire a salt.

      Currently the HashedCredentialsMatcher attempts to acquire the salt from the AuthenticationToken. However, the large majority of the time, the salt will be stored with the AuthenticationInfo and it should be possible to acquire it from that.

      After adding the new interface, the HashedCredentialsMatcher will need a new method: getStoredCredentials(token, authcInfo) or something similar. The default implementation can simply call the existing getCredentials(token) method by default to retain current behavior.

      Attachments

        Issue Links

          is duplicated by

          Improvement - An improvement or enhancement to an existing feature or task. SHIRO-186 Credentials Hashing: AuthenticationInfo should be able to return a salt for credentials comparison

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              lhazlewood Les Hazlewood
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: