Java tutorial
/* * Copyright. This file is part of swigg-security. * * swigg-security is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * Foobar is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with swigg-security. If not, see <http://www.gnu.org/licenses/>. */ package net.swigg.security.authentication; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authc.credential.CredentialsMatcher; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; /** * Implementation of {@link org.apache.shiro.authc.credential.CredentialsMatcher} that uses BCrypt hashing. * * @author Dustin Sweigart <dustin@swigg.net> */ public class BCryptCredentialsMatcher implements CredentialsMatcher { private BCryptPasswordEncoder passwordEncoder; /** * no-argument constructor */ protected BCryptCredentialsMatcher() { this(new BCryptPasswordEncoder()); } public BCryptCredentialsMatcher(BCryptPasswordEncoder passwordEncoder) { this.passwordEncoder = passwordEncoder; } @Override public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) { UsernamePasswordToken authToken = UsernamePasswordToken.class.cast(token); return passwordEncoder.matches(new String(authToken.getPassword()), info.getCredentials().toString()); } public BCryptPasswordEncoder getPasswordEncoder() { return passwordEncoder; } }