Returns {@code true} if a submitted {@code AuthenticationToken}'s credentials should be salted when hashing,
{@code false} if it should not be salted.
<p/>
If enabled, the salt used will be obtained via the {@link #getSalt(AuthenticationToken) getSalt} method.
<p/>
The default value is {@code false}.
@return {@code true} if a submitted {@code AuthenticationToken}'s credentials should be salted when hashing,
{@code false} if it should not be salted.
deprecated("") since Shiro 1.1. Hash salting is now expected to be based on if the {@link AuthenticationInfo}
returned from the {@code Realm} is a {@link SaltedAuthenticationInfo} instance and its
{@link hunt.shiro.authc.SaltedAuthenticationInfo#getCredentialsSalt() getCredentialsSalt()} method returns a non-null value.
This method and the 1.0 behavior still exists for backwards compatibility if the {@code Realm} does not return
{@code SaltedAuthenticationInfo} instances, but <b>it is highly recommended that {@code Realm} implementations
that support hashed credentials start returning {@link SaltedAuthenticationInfo SaltedAuthenticationInfo}
instances as soon as possible</b>.
<p/>
This is because salts should always be obtained from the stored account information and
never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for
attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user
are almost impossible to break. This method will be removed in Shiro 2.0.
Returns {@code true} if a submitted {@code AuthenticationToken}'s credentials should be salted when hashing, {@code false} if it should not be salted. <p/> If enabled, the salt used will be obtained via the {@link #getSalt(AuthenticationToken) getSalt} method. <p/> The default value is {@code false}.
@return {@code true} if a submitted {@code AuthenticationToken}'s credentials should be salted when hashing, {@code false} if it should not be salted. deprecated("") since Shiro 1.1. Hash salting is now expected to be based on if the {@link AuthenticationInfo} returned from the {@code Realm} is a {@link SaltedAuthenticationInfo} instance and its {@link hunt.shiro.authc.SaltedAuthenticationInfo#getCredentialsSalt() getCredentialsSalt()} method returns a non-null value. This method and the 1.0 behavior still exists for backwards compatibility if the {@code Realm} does not return {@code SaltedAuthenticationInfo} instances, but <b>it is highly recommended that {@code Realm} implementations that support hashed credentials start returning {@link SaltedAuthenticationInfo SaltedAuthenticationInfo} instances as soon as possible</b>. <p/> This is because salts should always be obtained from the stored account information and never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user are almost impossible to break. This method will be removed in Shiro 2.0.