I've created an application and have been using Shiro for the authentication. I've followed most of the guides and also some of the posted questions here regarding Shiro and JdbcRealm.
Here is my shiro.ini file:
[main]
authc.loginUrl=/jsp/loginForm.jsp
authc.successUrl=/test/successUrl.jsp
authc.rememberMeParam = login-remember-me
logout.redirectUrl=/index.jsp
hashService = org.apache.shiro.crypto.hash.DefaultHashService
hashService.hashIterations = 500000
hashService.hashAlgorithmName = SHA-256
hashService.generatePublicSalt = true
hashService.privateSalt = someBase64EncodedSaltValue
realm = org.apache.shiro.realm.jdbc.JdbcRealm
realm.permissionsLookupEnabled = false
realm.authenticationQuery = SELECT password FROM userTable WHERE username = ?
ps = org.apache.shiro.authc.credential.DefaultPasswordService
ps.hashService = $hashService
pm = org.apache.shiro.authc.credential.PasswordMatcher
pm.passwordService = $ps
jof = org.apache.shiro.jndi.JndiObjectFactory
jof.resourceName = java:comp/env/jdbc/theResourceName
jof.requiredType = javax.sql.DataSource
jof.resourceRef = true
realm.dataSource = $jof
realm.credentialsMatcher = $pm
securityManager.realms = $realm
And I'm using the following code in Java to save the password in the database:
DefaultHashService hashService = new DefaultHashService();
hashService.setHashIterations(500000);
hashService.setHashAlgorithmName(Sha256Hash.ALGORITHM_NAME);
// Same salt as in shiro.ini, but NOT base64-encoded.
hashService.setPrivateSalt(new SimpleByteSource("someBase64EncodedSaltValue"));
hashService.setGeneratePublicSalt(true);
DefaultPasswordService pwService = new DefaultPasswordService();
pwService.setHashService(hashService);
this.password = pwService.encryptPassword(password);
Everything looks good and is saving as expected, but the problem is when I am logging in. I've traced the execution to JdbcRealm.class and I've seen that the values compared are the "raw string password" and the encrypted password from the database.
Did I miss any step in the configuration?