Class SimpleCredentialsMatcher

java.lang.Object
org.apache.shiro.lang.codec.CodecSupport
org.apache.shiro.authc.credential.SimpleCredentialsMatcher
All Implemented Interfaces:
CredentialsMatcher
Direct Known Subclasses:
HashedCredentialsMatcher
public class SimpleCredentialsMatcher extends org.apache.shiro.lang.codec.CodecSupport implements CredentialsMatcher
Simple CredentialsMatcher implementation. Supports direct (plain) comparison for credentials of type byte[], char[], and Strings, and if the arguments do not match these types, then reverts back to simple Object.equals comparison.

Hashing comparisons (the most common technique used in secure applications) are not supported by this class, but instead by the HashedCredentialsMatcher.

Since:
0.9
See Also:

  • Constructor Details

  • Method Details

    • getCredentials

      protected Object getCredentials(AuthenticationToken token)
      Returns the token's credentials.

      This default implementation merely returns authenticationToken.getCredentials() and exists as a template hook if subclasses wish to obtain the credentials in a different way or convert them to a different format before returning.

      Parameters:
      token - the AuthenticationToken submitted during the authentication attempt.
      Returns:
      the token's associated credentials.

    • getCredentials

      protected Object getCredentials(AuthenticationInfo info)
      Returns the account's credentials.

      This default implementation merely returns account.getCredentials() and exists as a template hook if subclasses wish to obtain the credentials in a different way or convert them to a different format before returning.

      Parameters:
      info - the AuthenticationInfo stored in the data store to be compared against the submitted authentication token's credentials.
      Returns:
      the account's associated credentials.

    • equals

      protected boolean equals(Object tokenCredentials, Object accountCredentials)
      Returns true if the tokenCredentials argument is logically equal to the accountCredentials argument.

      If both arguments are either a byte array (byte[]), char array (char[]) or String, they will be both be converted to raw byte arrays via the toBytes method first, and then resulting byte arrays are compared via Arrays.equals(byte[],byte[]).

      If either argument cannot be converted to a byte array as described, a simple Object equals comparison is made.

      Subclasses should override this method for more explicit equality checks.

      Parameters:
      tokenCredentials - the AuthenticationToken's associated credentials.
      accountCredentials - the AuthenticationInfo's stored credentials.
      Returns:
      true if the tokenCredentials are equal to the accountCredentials.

    • doCredentialsMatch

      public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info)
      This implementation acquires the token's credentials (via getCredentials(token)) and then the account's credentials (via getCredentials(account)) and then passes both of them to the equals(tokenCredentials, accountCredentials) method for equality comparison.
      Specified by:
      doCredentialsMatch in interface CredentialsMatcher
      Parameters:
      token - the AuthenticationToken submitted during the authentication attempt.
      info - the AuthenticationInfo stored in the system matching the token principal.
      Returns:
      true if the provided token credentials are equal to the stored account credentials, false otherwise