Package org.apache.shiro.authc.credential

Class SimpleCredentialsMatcher

  • All Implemented Interfaces:
    CredentialsMatcher
    Direct Known Subclasses:
    HashedCredentialsMatcher
    public class SimpleCredentialsMatcher
extends org.apache.shiro.codec.CodecSupport
implements CredentialsMatcher
    Simple CredentialsMatcher implementation. Supports direct (plain) comparison for credentials of type byte[], char[], and Strings, and if the arguments do not match these types, then reverts back to simple Object.equals comparison.

    Hashing comparisons (the most common technique used in secure applications) are not supported by this class, but instead by the HashedCredentialsMatcher.

    Since:
    0.9
    See Also:
    HashedCredentialsMatcher

    • Constructor Detail

      • SimpleCredentialsMatcher

        public SimpleCredentialsMatcher()

    • Method Detail

      • getCredentials

        protected Object getCredentials(AuthenticationToken token)
        Returns the token's credentials.

        This default implementation merely returns authenticationToken.getCredentials() and exists as a template hook if subclasses wish to obtain the credentials in a different way or convert them to a different format before returning.

        Parameters:
        token - the AuthenticationToken submitted during the authentication attempt.
        Returns:
        the token's associated credentials.

      • getCredentials

        protected Object getCredentials(AuthenticationInfo info)
        Returns the account's credentials.

        This default implementation merely returns account.getCredentials() and exists as a template hook if subclasses wish to obtain the credentials in a different way or convert them to a different format before returning.

        Parameters:
        info - the AuthenticationInfo stored in the data store to be compared against the submitted authentication token's credentials.
        Returns:
        the account's associated credentials.

      • equals

        protected boolean equals(Object tokenCredentials,
                         Object accountCredentials)
        Returns true if the tokenCredentials argument is logically equal to the accountCredentials argument.

        If both arguments are either a byte array (byte[]), char array (char[]) or String, they will be both be converted to raw byte arrays via the toBytes method first, and then resulting byte arrays are compared via Arrays.equals(byte[],byte[]).

        If either argument cannot be converted to a byte array as described, a simple Object equals comparison is made.

        Subclasses should override this method for more explicit equality checks.

        Parameters:
        tokenCredentials - the AuthenticationToken's associated credentials.
        accountCredentials - the AuthenticationInfo's stored credentials.
        Returns:
        true if the tokenCredentials are equal to the accountCredentials.