Interface SaltedAuthenticationInfo

  • All Superinterfaces:
    AuthenticationInfo, Serializable
    All Known Implementing Classes:
    SimpleAccount, SimpleAuthenticationInfo

    public interface SaltedAuthenticationInfo
    extends AuthenticationInfo
    Interface representing account information that may use a salt when hashing credentials. This interface exists primarily to support environments that hash user credentials (e.g. passwords).

    Salts should typically be generated from a secure pseudo-random number generator so they are effectively impossible to guess. The salt value should be safely stored along side the account information to ensure it is maintained along with the account's credentials.

    This interface exists as a way for Shiro to acquire that salt so it can correctly perform credentials matching during login attempts. See the HashedCredentialsMatcher JavaDoc for more information on hashing credentials with salts.
    Since:
    1.1
    See Also:
    HashedCredentialsMatcher
    • Method Detail

      • getCredentialsSalt

        org.apache.shiro.util.ByteSource getCredentialsSalt()
        Returns the salt used to salt the account's credentials or null if no salt was used.
        Returns:
        the salt used to salt the account's credentials or null if no salt was used.