Returns the {@code Hash} {@link hunt.shiro.crypto.hash.Hash#getAlgorithmName() algorithmName} to use when performing hashes for credentials matching.
Sets the {@code Hash} {@link hunt.shiro.crypto.hash.Hash#getAlgorithmName() algorithmName} to use when performing hashes for credentials matching.
Returns {@code true} if the system's stored credential hash is Hex encoded, {@code false} if it is Base64 encoded. <p/> Default value is {@code true} for convenience - all of Shiro's {@link Hash Hash#toString()} implementations return Hex encoded values by default, making this class's use with those implementations easier.
Sets the indicator if this system's stored credential hash is Hex encoded or not. <p/> A value of {@code true} will cause this class to decode the system credential from Hex, a value of {@code false} will cause this class to decode the system credential from Base64. <p/> Unless overridden via this method, the default value is {@code true} for convenience - all of Shiro's {@link Hash Hash#toString()} implementations return Hex encoded values by default, making this class's use with those implementations easier.
Returns {@code true} if a submitted {@code AuthenticationToken}'s credentials should be salted when hashing, {@code false} if it should not be salted. <p/> If enabled, the salt used will be obtained via the {@link #getSalt(AuthenticationToken) getSalt} method. <p/> The default value is {@code false}.
Sets whether or not to salt a submitted {@code AuthenticationToken}'s credentials when hashing. <p/> If enabled, the salt used will be obtained via the {@link #getSalt(hunt.shiro.authc.AuthenticationToken) getSalt} method. <p/> The default value is {@code false}.
Returns the number of times a submitted {@code AuthenticationToken}'s credentials will be hashed before comparing to the credentials stored in the system. <p/> Unless overridden, the default value is {@code 1}, meaning a normal hash execution will occur.
Sets the number of times a submitted {@code AuthenticationToken}'s credentials will be hashed before comparing to the credentials stored in the system. <p/> Unless overridden, the default value is {@code 1}, meaning a normal single hash execution will occur. <p/> If this argument is less than 1 (i.e. 0 or negative), the default value of 1 is applied. There must always be at least 1 hash iteration (otherwise there would be no hash).
Returns a salt value used to hash the token's credentials. <p/> This default implementation merely returns {@code token.getPrincipal()}, effectively using the user's identity (username, user id, etc.) as the salt, a very common technique. If you wish to provide the authentication token's salt another way, you may override this method.
This implementation first hashes the {@code token}'s credentials, potentially using a {@code salt} if the {@code info} argument is a {@link hunt.shiro.authc.SaltedAuthenticationInfo SaltedAuthenticationInfo}. It then compares the hash against the {@code AuthenticationInfo}'s {@link #getCredentials(hunt.shiro.authc.AuthenticationInfo) already-hashed credentials}. This method returns {@code true} if those two values are {@link #equals(Object, Object) equal}, {@code false} otherwise.
Hash the provided {@code token}'s credentials using the salt stored with the account if the {@code info} instance is an {@code instanceof} {@link SaltedAuthenticationInfo SaltedAuthenticationInfo} (see the class-level JavaDoc for why this is the preferred approach). <p/> If the {@code info} instance is <em>not</em> an {@code instanceof} {@code SaltedAuthenticationInfo}, the logic will fall back to Shiro 1.0 backwards-compatible logic: it will first check to see {@link #isHashSalted() isHashSalted} and if so, will try to acquire the salt from {@link #getSalt(AuthenticationToken) getSalt(AuthenticationToken)}. See the class-level JavaDoc for why this is not recommended. This 'fallback' logic exists only for backwards-compatibility. {@code Realm}s should be updated as soon as possible to return {@code SaltedAuthenticationInfo} instances if account credentials salting is enabled (highly recommended for password-based systems).
Hashes the provided credentials a total of {@code hashIterations} times, using the given salt. The hash implementation/algorithm used is based on the {@link #getHashAlgorithmName() hashAlgorithmName} property.
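The matching procedure described above, modelled in Python as an added example (not hunt-shiro's or Shiro's own code). The function names, the constructed sample account and the constant-time comparison are choices made here, and the iteration scheme (salt fed in before the password on the first round only, each later round rehashing the previous digest) is an assumption modelled on Apache Shiro's SimpleHash.

```python
import base64
import binascii
import hashlib
import hmac


def hash_credentials(password, salt, iterations, algorithm="sha256"):
    """Hash `password` a total of `iterations` times (assumed scheme:
    salt + password on round one, then rehash the previous digest)."""
    iterations = max(1, iterations)  # values below 1 fall back to 1
    first = hashlib.new(algorithm)
    if salt is not None:
        first.update(salt)
    first.update(password)
    digest = first.digest()
    for _ in range(iterations - 1):
        digest = hashlib.new(algorithm, digest).digest()
    return digest


def decode_stored(stored, hex_encoded=True):
    """Decode the stored credential from Hex (the default) or Base64."""
    if hex_encoded:
        return bytes.fromhex(stored)
    return base64.b64decode(stored, validate=True)


def credentials_match(password, stored, *, salt=None, iterations=1,
                      algorithm="sha256", hex_encoded=True):
    """Hash the submitted password and compare it to the stored hash."""
    try:
        expected = decode_stored(stored, hex_encoded)
    except (ValueError, binascii.Error):
        return False  # stored value is not in the configured encoding
    actual = hash_credentials(password, salt, iterations, algorithm)
    return hmac.compare_digest(actual, expected)  # constant-time compare


# Constructed sample account: the salt is stored with the account,
# not derived from the username.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
PASSWORD = b"correct horse battery staple"
STORED_HEX = hash_credentials(PASSWORD, SALT, 1000).hex()
STORED_B64 = base64.b64encode(hash_credentials(PASSWORD, SALT, 1000)).decode()
```

A matcher whose algorithm, iteration count or encoding flag differs from what was used when the credential was stored rejects every login, including correct passwords.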
Returns a new, <em>uninitialized</em> instance, without its byte array set. Used as a utility method in the {@link SimpleCredentialsMatcher#getCredentials(hunt.shiro.authc.AuthenticationInfo) getCredentials(AuthenticationInfo)} implementation.
{@code HashedCredentialsMatcher} implementation that expects the stored {@code AuthenticationInfo} credentials to be SHA hashed. <p/> <b>Note:</b> <a href="http://en.wikipedia.org/wiki/MD5">MD5</a> and <a href="http://en.wikipedia.org/wiki/SHA_hash_functions">SHA-1</a> algorithms are now known to be vulnerable to compromise and/or collisions (read the linked pages for more). While most applications are ok with either of these two, if your application mandates high security, use the SHA-256 (or higher) hashing algorithms and their supporting <code>CredentialsMatcher</code> implementations.
@deprecated since 1.1 - use the HashedCredentialsMatcher directly and set its {@link HashedCredentialsMatcher#setHashAlgorithmName(string) hashAlgorithmName} property.