use of org.apache.shiro.crypto.hash.Sha256Hash in project ANNIS by korpling.
the class AdminServiceImpl method changePassword.
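@POST
@Path("users/{userName}/password")
@Consumes("text/plain")
@Produces("application/xml")
public Response changePassword(String newPassword, @PathParam("userName") String userName) {
// Authorisation first: checkPermission throws for subjects without the
// admin user-write permission, so nothing below runs for them. Doing this
// before any input validation also avoids leaking validation results to
// unprivileged callers.
Subject requestingUser = SecurityUtils.getSubject();
requestingUser.checkPermission("admin:write:user");
// The body is plain text; an absent or empty body previously went straight
// into the hash and silently set an empty password.
if (newPassword == null || newPassword.isEmpty()) {
return Response.status(Response.Status.BAD_REQUEST).entity("Password must not be empty").build();
}
ANNISUserConfigurationManager confManager = getConfManager();
ANNISUserRealm userRealm = getUserRealm();
if (confManager != null && userRealm != null) {
User user = confManager.getUser(userName);
if (user == null) {
return Response.status(Response.Status.NOT_FOUND).build();
}
// Fresh 128-bit salt from a CSPRNG on every password change.
SecureRandomNumberGenerator generator = new SecureRandomNumberGenerator();
ByteSource salt = generator.nextBytes(128 / 8);
// NOTE(review): a single SHA-256 round has no work factor and is not a
// password KDF. The realm's doGetAuthenticationInfo insists on an iteration
// count of exactly 1, so raising it here must be done together with the
// realm check and the credentials matcher configuration.
Sha256Hash hash = new Sha256Hash(newPassword, salt, 1);
// Stored in Shiro1CryptFormat ("$shiro1$...") so the realm can recover
// algorithm, salt and iteration count from the stored string.
user.setPasswordHash(new Shiro1CryptFormat().format(hash));
if (userRealm.updateUser(user)) {
// NOTE(review): the User entity is marshalled into the XML response after
// the new hash was set on it — confirm passwordHash is excluded from
// serialisation, otherwise the hash is echoed back to the caller.
return Response.ok().entity(user).build();
}
}
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Could not change password").build();
}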
use of org.apache.shiro.crypto.hash.Sha256Hash in project ANNIS by korpling.
the class ANNISUserRealm method doGetAuthenticationInfo.
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
// Looks up the stored credentials for the principal carried by the token.
// Returns null when the user is unknown or has no usable password hash;
// throws IllegalArgumentException (via Validate) for a non-String principal
// or for a stored hash whose iteration count is not 1.
Validate.isInstanceOf(String.class, token.getPrincipal());
final String principal = (String) token.getPrincipal();
final String realmName = ANNISUserRealm.class.getName();

// The anonymous account is deliberately public: its password is its own
// user name, so the expected credential is simply the unsalted SHA-256 of it.
if (principal.equals(anonymousUser)) {
Sha256Hash anonymousHash = new Sha256Hash(principal);
return new SimpleAuthenticationInfo(principal, anonymousHash.getBytes(), realmName);
}

User account = confManager.getUser(principal);
if (account == null) {
return null;
}
String stored = account.getPasswordHash();
if (stored == null) {
return null;
}

if (!stored.startsWith("$")) {
// Legacy format: an unsalted hex digest compared as a string. NOTE(review):
// such entries have no salt and should be migrated to the "$shiro1$" form
// on the user's next password change.
return new SimpleAuthenticationInfo(token.getPrincipal(), stored, realmName);
}

// "$shiro1$..." entries carry algorithm, salt and iteration count inline.
Hash parsed = new Shiro1CryptFormat().parse(stored);
if (!(parsed instanceof SimpleHash)) {
return null;
}
SimpleHash simpleHash = (SimpleHash) parsed;
// The credentials matcher is expected to apply exactly one round, so a
// stored hash produced with any other count would never verify.
Validate.isTrue(simpleHash.getIterations() == 1, "Hash iteration count must be 1 for every password hash!");
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(principal, simpleHash.getBytes(), realmName);
// Hand the stored salt to the matcher so the submitted password is hashed the same way.
info.setCredentialsSalt(new SerializableByteSource(simpleHash.getSalt()));
return info;
}
use of org.apache.shiro.crypto.hash.Sha256Hash in project shiro by apache.
the class JDBCRealmTest method createDefaultSchema.
/**
* Creates a test database with the default (no separate salt column) schema, salting with
* username if salted is true. Sets the DataSource of the realm associated with the test
* to a DataSource connected to the database. (To prevent concurrency problems when tests
* are executed in multithreaded mode, each test method gets its own database.)
*/
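protected void createDefaultSchema(String testName, boolean salted) {
jdbcDataSource ds = new jdbcDataSource();
// NOTE(review): the database name is taken from the field `name`, not from the
// `testName` parameter — confirm they agree, otherwise concurrently running
// tests may share one in-memory database despite the Javadoc above.
ds.setDatabase("jdbc:hsqldb:mem:" + name);
ds.setUser("SA");
ds.setPassword("");
Connection conn = null;
Statement sql = null;
java.sql.PreparedStatement insert = null;
try {
conn = ds.getConnection();
sql = conn.createStatement();
// NOTE(review): a SHA-256 hex digest is 64 characters but the column is
// varchar(20); this presumably relies on HSQLDB not enforcing the declared
// length in this mode — confirm, or widen the column.
sql.executeUpdate("create table users (username varchar(20), password varchar(20))");
// Either a plain digest or one salted with the fixture's salt, stored as hex
// to match the realm's default (hex-encoded) credentials handling.
Sha256Hash sha256Hash = salted ? new Sha256Hash(plainTextPassword, salt) : new Sha256Hash(plainTextPassword);
String password = sha256Hash.toHex();
// Parameterised insert: the fixture values are constants, but SQL is never
// built by string concatenation, even in tests.
insert = conn.prepareStatement("insert into users values (?, ?)");
insert.setString(1, username);
insert.setString(2, password);
insert.executeUpdate();
} catch (SQLException ex) {
// Carry the driver's message along; a bare failure text hides the real SQL error.
Assert.fail("Exception creating test database: " + ex.getMessage());
} finally {
JdbcUtils.closeStatement(insert);
JdbcUtils.closeStatement(sql);
JdbcUtils.closeConnection(conn);
}
createRolesAndPermissions(ds);
realmMap.get(testName).setDataSource(ds);
dsMap.put(testName, ds);
}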
use of org.apache.shiro.crypto.hash.Sha256Hash in project nutzboot by nutzam.
the class UserModule method login.
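@Ok("json")
@Fail("http:500")
@POST
@At("/login")
public boolean login(@Param("username") String username, @Param("password") String password, HttpSession session) {
// Verifies username/password against the stored salted SHA-256 hex digest and,
// on success, logs the Shiro subject in with the user's id. Returns false on
// any mismatch or missing data; never throws for bad input.
if (password == null) {
// Sha256Hash rejects a null source with an exception, which @Fail would turn
// into an HTTP 500; a missing password is simply a failed login.
return false;
}
User user = dao.fetch(User.class, username);
if (user == null) {
// NOTE(review): returning before hashing makes "unknown user" measurably
// faster than "wrong password"; hash a dummy value here if account
// enumeration via timing matters for this deployment.
return false;
}
String stored = user.getPassword();
if (stored == null) {
return false;
}
// NOTE(review): one SHA-256 round with a per-user salt has no work factor;
// moving to bcrypt/scrypt/argon2 requires a stored-format migration.
Sha256Hash hash = new Sha256Hash(password, user.getSalt());
// Constant-time comparison so response time does not depend on how many
// leading hex digits matched. Hex digests are ASCII, so the encoding is exact.
byte[] computed = hash.toHex().getBytes(java.nio.charset.StandardCharsets.US_ASCII);
byte[] expected = stored.getBytes(java.nio.charset.StandardCharsets.US_ASCII);
if (!java.security.MessageDigest.isEqual(computed, expected)) {
return false;
}
Subject subject = SecurityUtils.getSubject();
subject.login(new SimpleShiroToken(user.getId()));
return true;
}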