rontron
Reputation: 473
How to handle different password encryption with Shiro
Assuming an account database with users having passwords encrypted differently. E.g. with sha1 with salt, sha1 without salt and plain text.
What would be the best way to handle a login with Apache Shiro?
Should I use multiple Realms for each encryption method or should I better handle different encryptions in single Realm?
The AuthenticationToken is for all encryptions the same. The user will always login via a form providing username/password.
Upvotes: 0
Views: 148
Answers (1)
jeorfevre
Reputation: 2316
Far better to use different realm as far as the connection protocol are not the same. If you move to oaut2 in the future you will have another realm. Enjoy shiro. :)
Upvotes: 0
Related Questions
- Migrating Shiro hashed passwords to Spring Security hashed passwords
- How can we encrypt and decrypt password in Karate?
- Shibboleth - How to configure multiple Password Authentication Configurations
- Shiro custom authentication logic
- Encrypt & Decrypt password using Jasypt
- Multiple Encryption Technique in Java
- Plain password and encrypted password doesn't match in Shiro
- Different Form login in Shiro
- symfony2 - multiple encoding password methods with mutiple user providers
- Password encryption/decryption Spring security