HashedCredentialsMatcher.isHashSalted

Returns {@code true} if a submitted {@code AuthenticationToken}'s credentials should be salted when hashing, {@code false} if it should not be salted.

If enabled, the salt used will be obtained via the {@link #getSalt(AuthenticationToken) getSalt} method.

The default value is {@code false}.

@return {@code true} if a submitted {@code AuthenticationToken}'s credentials should be salted when hashing, {@code false} if it should not be salted.

@deprecated since Shiro 1.1. Hash salting is now expected to be based on whether the {@link AuthenticationInfo} returned from the {@code Realm} is a {@link SaltedAuthenticationInfo} instance and its {@link hunt.shiro.authc.SaltedAuthenticationInfo#getCredentialsSalt() getCredentialsSalt()} method returns a non-null value. This method and the 1.0 behavior still exist for backwards compatibility if the {@code Realm} does not return {@code SaltedAuthenticationInfo} instances, but <b>it is highly recommended that {@code Realm} implementations that support hashed credentials start returning {@link SaltedAuthenticationInfo SaltedAuthenticationInfo} instances as soon as possible</b>.

This is because salts should always be obtained from the stored account information and never be interpreted based on user/Subject-entered data. User-entered data is easier for attackers to compromise, whereas account-unique (and securely, randomly generated) salts that are never disseminated to the end user are almost impossible to break. This method will be removed in Shiro 2.0.
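The difference between a salt derived from submitted data and a salt read from the stored account, as an added example that is not part of the Shiro or hunt-shiro code base. It is a language-neutral Python model, not the library's API: the function names, the dictionary account store, SHA-256 with 1024 iterations, and the sample account are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def hash_credentials(password: bytes, salt: bytes, iterations: int = 1024) -> bytes:
    """Salted, iterated SHA-256: hash salt+password once, then re-hash the digest."""
    digest = hashlib.sha256(salt + password).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha256(digest).digest()
    return digest

def register_token_salted(store: dict, username: str, password: bytes) -> None:
    # Deprecated model: the salt is derived from user-submitted data (the username).
    store[username] = {"hash": hash_credentials(password, username.encode())}

def register_account_salted(store: dict, username: str, password: bytes) -> None:
    # Recommended model: a random per-account salt is stored next to the hash.
    salt = os.urandom(16)
    store[username] = {"salt": salt, "hash": hash_credentials(password, salt)}

def matches(store: dict, username: str, password: bytes) -> bool:
    """Verify submitted credentials against the (hypothetical) account store."""
    account = store.get(username)
    if account is None:
        return False
    # Use the stored salt when the account has one; fall back to the
    # token-derived salt only for accounts created under the old scheme.
    salt = account.get("salt")
    if salt is None:
        salt = username.encode()
    return hmac.compare_digest(account["hash"], hash_credentials(password, salt))

def same_hash_across_deployments(register) -> bool:
    """Register the same constructed account in two independent stores and compare."""
    site_a, site_b = {}, {}
    for store in (site_a, site_b):
        register(store, "alice", b"constructed-sample-password")
    return site_a["alice"]["hash"] == site_b["alice"]["hash"]

if __name__ == "__main__":
    print("token-derived salt, identical hashes:",
          same_hash_across_deployments(register_token_salted))
    print("stored random salt, identical hashes:",
          same_hash_across_deployments(register_account_salted))
```

With a token-derived salt the stored hash is fully determined by what the user types, so it is identical wherever the same username and password are reused; with a stored random salt each account record is unique.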

class HashedCredentialsMatcher
deprecated bool isHashSalted()
