Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-327

HashedCredentialsMatcher getCredentials() bug

    XMLWordPrintableJSON

Details

    Description

      isStoredCredentialsHexEncoded() always returns true, no matter if I store a hex or a base64 password or credential. Hex is Base16. Authentication fails if I store Base64 with an IllegalArgumentException because Hex.decode(...) doesn't recognize but the 0..9 and a..f alphabet

      Code quote:

      //account.credentials were a char[] or String, so
      //we need to do text decoding first:
      if (isStoredCredentialsHexEncoded())

      { storedBytes = Hex.decode(storedBytes); }

      else

      { storedBytes = Base64.decode(storedBytes); }

      ...
      from my ini:

      1. password hashing specification
        sha256Matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
        sha256Matcher.hashAlgorithmName=SHA-256

      Attachments

        Activity

          People

            Unassigned Unassigned
            tudor.raneti Tudor Raneti
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: