Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-327

HashedCredentialsMatcher getCredentials() bug

    XMLWordPrintableJSON

    Details

      Description

      isStoredCredentialsHexEncoded() always returns true, no matter if I store a hex or a base64 password or credential. Hex is Base16. Authentication fails if I store Base64 with an IllegalArgumentException because Hex.decode(...) doesn't recognize but the 0..9 and a..f alphabet

      Code quote:

      //account.credentials were a char[] or String, so
      //we need to do text decoding first:
      if (isStoredCredentialsHexEncoded())

      { storedBytes = Hex.decode(storedBytes); }

      else

      { storedBytes = Base64.decode(storedBytes); }

      ...
      from my ini:

      1. password hashing specification
        sha256Matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
        sha256Matcher.hashAlgorithmName=SHA-256

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              tudor.raneti Tudor Raneti
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: