Details
-
Bug
-
Status: Open
-
Blocker
-
Resolution: Unresolved
-
None
-
None
-
None
Description
I have been exploring Apache Shiro with Zeppelin and so far has been able to make authentication work with JdbcRealm but one thing that is not going well is giving the data source password as plain text.
Is there a way to avoid that?
My shiro.ini looks like:
[main] dataSource = org.postgresql.ds.PGPoolingDataSource dataSource.serverName = localhost dataSource.databaseName = dp dataSource.user = dp_test dataSource.password = Password123 ps = org.apache.shiro.authc.credential.DefaultPasswordService pm = org.apache.shiro.authc.credential.PasswordMatcher pm.passwordService = $ps jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm jdbcRealmCredentialsMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher jdbcRealm.dataSource = $dataSource jdbcRealm.credentialsMatcher = $pm shiro.loginUrl = /api/login [roles] admin = * [urls] /** = authc
Is there a way to avoid giving data source password as plain text
dataSource.password = Password123
?
Would like to give something like: $shiro1$SHA-256$500000$YdUEhfDpsx9KLGeyshFegQ==$m+4wcq4bJZo1HqDAGECx50LcEkRZI0zCyq99gtRqZDk=