Sha1CredentialsMatcher

{@code HashedCredentialsMatcher} implementation that expects the stored {@code AuthenticationInfo} credentials to be SHA hashed. <p/> <b>Note:</b> <a href="http://en.wikipedia.org/wiki/MD5">MD5</a> and <a href="http://en.wikipedia.org/wiki/SHA_hash_functions">SHA-1</a> algorithms are now known to be vulnerable to compromise and/or collisions (read the linked pages for more). While most applications are ok with either of these two, if your application mandates high security, use the SHA-256 (or higher) hashing algorithms and their supporting <code>CredentialsMatcher</code> implementations.</p>

deprecated("") since 1.1 - use the HashedCredentialsMatcher directly and set its {@link HashedCredentialsMatcher#setHashAlgorithmName(string) hashAlgorithmName} property.

class Sha1CredentialsMatcher : HashedCredentialsMatcher {}

Constructors

this
this()
Undocumented in source.

Inherited Members

From HashedCredentialsMatcher

getHashAlgorithmName
string getHashAlgorithmName()

Returns the {@code Hash} {@link hunt.shiro.crypto.hash.Hash#getAlgorithmName() algorithmName} to use when performing hashes for credentials matching.

setHashAlgorithmName
void setHashAlgorithmName(string hashAlgorithmName)

Sets the {@code Hash} {@link hunt.shiro.crypto.hash.Hash#getAlgorithmName() algorithmName} to use when performing hashes for credentials matching.

isStoredCredentialsHexEncoded
bool isStoredCredentialsHexEncoded()

Returns {@code true} if the system's stored credential hash is Hex encoded, {@code false} if it is Base64 encoded. <p/> Default value is {@code true} for convenience - all of Shiro's {@link Hash Hash#toString()} implementations return Hex encoded values by default, making this class's use with those implementations easier.

setStoredCredentialsHexEncoded
void setStoredCredentialsHexEncoded(bool storedCredentialsHexEncoded)

Sets the indicator if this system's stored credential hash is Hex encoded or not. <p/> A value of {@code true} will cause this class to decode the system credential from Hex, a value of {@code false} will cause this class to decode the system credential from Base64. <p/> Unless overridden via this method, the default value is {@code true} for convenience - all of Shiro's {@link Hash Hash#toString()} implementations return Hex encoded values by default, making this class's use with those implementations easier.

isHashSalted
deprecated bool isHashSalted()

Returns {@code true} if a submitted {@code AuthenticationToken}'s credentials should be salted when hashing, {@code false} if it should not be salted. <p/> If enabled, the salt used will be obtained via the {@link #getSalt(AuthenticationToken) getSalt} method. <p/> The default value is {@code false}.

setHashSalted
deprecated void setHashSalted(bool hashSalted)

Sets whether or not to salt a submitted {@code AuthenticationToken}'s credentials when hashing. <p/> If enabled, the salt used will be obtained via the {@link #getSalt(hunt.shiro.authc.AuthenticationToken) getCredentialsSalt} method. </p> The default value is {@code false}.

getHashIterations
int getHashIterations()

Returns the number of times a submitted {@code AuthenticationToken}'s credentials will be hashed before comparing to the credentials stored in the system. <p/> Unless overridden, the default value is {@code 1}, meaning a normal hash execution will occur.

setHashIterations
void setHashIterations(int hashIterations)

Sets the number of times a submitted {@code AuthenticationToken}'s credentials will be hashed before comparing to the credentials stored in the system. <p/> Unless overridden, the default value is {@code 1}, meaning a normal single hash execution will occur. <p/> If this argument is less than 1 (i.e. 0 or negative), the default value of 1 is applied. There must always be at least 1 hash iteration (otherwise there would be no hash).

getSalt
deprecated string getSalt(AuthenticationToken token)

Returns a salt value used to hash the token's credentials. <p/> This default implementation merely returns {@code token.getPrincipal()}, effectively using the user's identity (username, user id, etc) as the salt, a most common technique. If you wish to provide the authentication token's salt another way, you may override this method.

doCredentialsMatch
bool doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info)

This implementation first hashes the {@code token}'s credentials, potentially using a {@code salt} if the {@code info} argument is a {@link hunt.shiro.authc.SaltedAuthenticationInfo SaltedAuthenticationInfo}. It then compares the hash against the {@code AuthenticationInfo}'s {@link #getCredentials(hunt.shiro.authc.AuthenticationInfo) already-hashed credentials}. This method returns {@code true} if those two values are {@link #equals(Object, Object) equal}, {@code false} otherwise.

hashProvidedCredentials
Object hashProvidedCredentials(AuthenticationToken token, AuthenticationInfo info)

Hash the provided {@code token}'s credentials using the salt stored with the account if the {@code info} instance is an {@code instanceof} {@link SaltedAuthenticationInfo SaltedAuthenticationInfo} (see the class-level JavaDoc for why this is the preferred approach). <p/> If the {@code info} instance is <em>not</em> an {@code instanceof} {@code SaltedAuthenticationInfo}, the logic will fall back to Shiro 1.0 backwards-compatible logic: it will first check to see {@link #isHashSalted() isHashSalted} and if so, will try to acquire the salt from {@link #getSalt(AuthenticationToken) getSalt(AuthenticationToken)}. See the class-level JavaDoc for why this is not recommended. This 'fallback' logic exists only for backwards-compatibility. {@code Realm}s should be updated as soon as possible to return {@code SaltedAuthenticationInfo} instances if account credentials salting is enabled (highly recommended for password-based systems).

hashProvidedCredentials
Hash hashProvidedCredentials(Object credentials, Object salt, int hashIterations)

Hashes the provided credentials a total of {@code hashIterations} times, using the given salt. The hash implementation/algorithm used is based on the {@link #getHashAlgorithmName() hashAlgorithmName} property.

newHashInstance
AbstractHash newHashInstance()

Returns a new, <em>uninitialized</em> instance, without its byte array set. Used as a utility method in the {@link SimpleCredentialsMatcher#getCredentials(hunt.shiro.authc.AuthenticationInfo) getCredentials(AuthenticationInfo)} implementation.

Meta