hibernate - Shiro Authentication failed -

-

i use shiro 1.2.3 in jsf2+hibernate project. no luck user authenticated. can't figure out i'm doing wrong.

shiro.ini

[main] cachemanager = org.apache.shiro.cache.ehcache.ehcachemanager securitymanager.cachemanager = $cachemanager  hashservice = org.apache.shiro.crypto.hash.defaulthashservice hashservice.hashiterations = 100000 hashservice.hashalgorithmname = sha-256 hashservice.generatepublicsalt = true  passwordservice = org.apache.shiro.authc.credential.defaultpasswordservice passwordservice.hashservice = $hashservice passwordmatcher = org.apache.shiro.authc.credential.passwordmatcher passwordmatcher.passwordservice = $passwordservice  customsecurityrealm = com.sapienzo.common.customsecurityrealm customsecurityrealm.credentialsmatcher = $passwordmatcher securitymanager.realms = $customsecurityrealm

shiroutils class (helper class create salted hash)

public class shiroutils {  private static int hash_iterations = 100000;  public static string createsaltedhash(string plaintextpassword) {     defaulthashservice hashservice = new defaulthashservice();     hashservice.sethashiterations(hash_iterations);     hashservice.sethashalgorithmname(sha256hash.algorithm_name);     hashservice.setgeneratepublicsalt(true);      defaultpasswordservice passwordservice = new defaultpasswordservice();     passwordservice.sethashservice(hashservice);     string encryptedpassword = passwordservice.encryptpassword(plaintextpassword);      return encryptedpassword; } }

saving user database while registration (getting username , password form fields)

... user.setusername(username); user.setpassword(shiroutils.createsaltedhash(password); userservice.saveuser(user); ...

login (again username , password form fields)

usernamepasswordtoken token = new usernamepasswordtoken(user.getusername(), shiroutils.createsaltedhash(user.getpassword())); subject currentuser = securityutils.getsubject(); currentuser.login(token);

customsecurityrealm.java

public class customsecurityrealm extends authorizingrealm {     public customsecurityrealm() {         setname("customsecurityrealm");     }      @override     protected authenticationinfo dogetauthenticationinfo(authenticationtoken authenticationtoken) throws authenticationexception {         usernamepasswordtoken token = (usernamepasswordtoken) authenticationtoken;         if (token.getusername() == null) {             return null;         }         userservice userservice = new userservice();         string saltedhashpassword = userservice.getpasswordbyusername(token.getusername()); //get encrypted password db          if( saltedhashpassword != null ) {             simpleauthenticationinfo authn = new simpleauthenticationinfo(token.getusername(), saltedhashpassword, getname());             return authn;         } else {             return null;         }     }     @override     protected authorizationinfo dogetauthorizationinfo(principalcollection principalcollection) {         return null;         } }

after digging out code line line, noticed passwordsmatch method used password comparison returns false regardless of inputs.

for example:

string plaintextpassword = "foo"; defaultpasswordservice passwordservice = new defaultpasswordservice(); string encryptedpassword = passwordservice.encryptpassword(plaintextpassword); boolean result = passwordservice.passwordsmatch(plaintextpassword, encryptedpassword); system.out.println(result);

output false. found this post later. causing reported bug. if default locale different english shiro gets confused when (un)capitalizing letters. should set default locale locale.english fix this.


Comments

Post a Comment

Popular posts from this blog

yii2 - Yii 2 Running a Cron in the basic template -

-
i have seen instructions on running cron in advanced template, cant figure out how on basic template. have following controller in basic controllers folder. <?php namespace app\controllers; use yii\console\controller; /** * cron controller */ class croncontroller extends controller { public function actionindex() { echo "cron service runnning"; } public function actionmail($to) { echo "sending mail " . $to; } } i have navigated root of application , tried these comands yii cron php yii cron im getting unknown comand "cron" i know old question failed find actual answer this. if @ code yii exec file you'll notice requires /common/config/aliases.php file console/config/main.php. can naturally change these or copy on these advanced template. hope solves problem wanting same thing.
Read more

asp.net - 'System.Web.HttpContext' does not contain a definition for 'GetOwinContext' Mystery -

-
i realize question might seem trivial some, it's these types of things find myself fighting quite bit , want make sense of despite seeming losing battle in .net (for me anyway). so, if following: using system.web; ... applicationuser user = system.web.httpcontext.getowincontext().getusermanager<applicationusermanager>().findbyid(system.web.httpcontext.user.identity.getuserid()); that produces error in title , red getowincontext() , error cannot resolve symbol 'getowincontext()' however, if following (remove system.web in front of httpcontext ), works expected (or @ least no errors): using system.web; ... applicationuser user = httpcontext.getowincontext().getusermanager<applicationusermanager>().findbyid(system.web.httpcontext.user.identity.getuserid()); however, if (same line that's working using system.web commented out): //using system.web; ... applicationuser user = httpcontext.getowincontext().getusermana...
Read more

mercurial graft feature, can it copy? -

-
there new feature in mercurial 3, called 'graft' (graft local). job of moving change-set different branch. is there way "copy" change-set branch? i interested in in moving stuff qa branch production branch, still need code reside in qa. want copy. found , have tried few things, maybe it'll become clear more tinkering , reading... does have better way of 'cherry picking' change-sets move cross branch (or trunk)??? graft copies changesets, doesn't move them. hg graft (emphasis mine): this command uses mercurial's merge logic copy individual changes other branches without merging branches in history graph. known 'backporting' or 'cherry-picking' . default, graft copy user, date, , description source changesets.
Read more