From 49cdfb8636c508014ed6471e16e88df9e48a08c4 Mon Sep 17 00:00:00 2001 From: Enis Inan Date: Wed, 21 Mar 2018 15:12:51 -0700 Subject: [PATCH] Add doc/shiro-encryption.ini This shows the user how to specify encrypted passwords in a Shiro configuration file. Linked to https://tickets.puppetlabs.com/browse/RAZOR-1067 --- doc/shiro-encryption.ini | 27 +++++++++++++++++++++++++++ shiro.ini | 4 +++- 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 doc/shiro-encryption.ini diff --git a/doc/shiro-encryption.ini b/doc/shiro-encryption.ini new file mode 100644 index 000000000..55863fa20 --- /dev/null +++ b/doc/shiro-encryption.ini @@ -0,0 +1,27 @@ +# This configuration shows how to set up Shiro to use encrypted passwords. +# The credentials matcher is used to authenticate connecting users, +# where a user is specified by their username and password. SHA-256 +# is used by default, so all passwords listed here must be SHA-256 hashes. +# To calculate the SHA-256 of a password, you can use openssl via. the +# following CLI invocation: +# echo -n | openssl dgst -sha256 -binary | xxd -p -c 256 +# +# NOTE: The "-n" flag forces echo not to append a newline, as otherwise +# it would be hashed along with ! + +# For more details, please refer to http://shiro.apache.org/configuration.html. +[main] + +# We need to declare the sha256Matcher variable here so that Shiro +# actually creates the object +sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher +iniRealm.credentialsMatcher = $sha256Matcher + +[user] +# Some example users, specified as " = " + +# password is SHA-256 of the word "dead" +fred = 28a3a5e81d1e89f0efc70b63bf717b921373fc7fac70bc1b7e4d466799c0c6b0 + +# password is SHA-256 of the word "alive" +alice = 135fc7a09da25f03e44f7a2c700efd4a9d0a989af4d4704eabfe9ada71b26590 diff --git a/shiro.ini b/shiro.ini index ddcdc962f..0fc556d15 100644 --- a/shiro.ini +++ b/shiro.ini @@ -1,3 +1,5 @@ # This is the standard Apache Shiro authentication configuration file. -# http://shiro.apache.org/configuration.html +# All the details of what can be specified here are documented on +# http://shiro.apache.org/configuration.html. You can also view the files +# prefixed with "shiro" in the doc/ folder for some example Shiro configurations. [main]