Shiro
  1. Shiro
  2. SHIRO-324

HashedCredentialsMatcher getCredentials() bug

    Details

      Description

      // isStoredCredentialsHexEncoded() always returns true, no matter if I store a hex or a base64 password or credential. Hex is Base16. Authentication fails if I store Base64 and don't move it to Hex before here with an IllegalArgumentException because Hex.decode(...) doesn't recognize but the 0..9 and a..f I think
      //account.credentials were a char[] or String, so
      //we need to do text decoding first:
      if (isStoredCredentialsHexEncoded())

      { storedBytes = Hex.decode(storedBytes); }

      else

      { storedBytes = Base64.decode(storedBytes); }

      ...
      from my ini:

      1. password hashing specification
        sha256Matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
        sha256Matcher.hashAlgorithmName=SHA-256

        Activity

        an wolf made changes -
        Field Original Value New Value
        Status Open [ 1 ] Closed [ 6 ]
        Resolution Duplicate [ 3 ]
        Hide
        an wolf added a comment -

        moved

        Show
        an wolf added a comment - moved
        an wolf created issue -

          People

          • Assignee:
            Unassigned
            Reporter:
            an wolf
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development