Examples of org.apache.shiro.crypto.RandomNumberGenerator

org.apache.shiro.crypto.RandomNumberGenerator
A component that can generate random number/byte values as needed. Useful in cryptography or security scenarios where random byte arrays are needed, such as for password salts, nonces, initialization vectors and other seeds.
This is essentially the same as a {@link java.security.SecureRandom SecureRandom}, and indeed implementations of this interface will probably all use {@link java.security.SecureRandom SecureRandom} instances, but thisinterface provides a few additional benefits to end-users:
- It is an interface rather than the JDK's {@code SecureRandom} concrete implementation. Implementation detailscan be customized as necessary based on the application's needs
- Default per-instance behavior can be customized on implementations, typically via JavaBeans mutators.
- Perhaps most important for Shiro end-users, tt can more easily be used as a source of cryptographic seed data, and the data returned is already in a more convenient {@link ByteSource ByteSource} format in case that data needsto be {@link org.apache.shiro.util.ByteSource#toHex() hex} or{@link org.apache.shiro.util.ByteSource#toBase64() base64}-encoded.
For example, consider the following example generating password salts for new user accounts:
```
 RandomNumberGenerator saltGenerator = new  {@link org.apache.shiro.crypto.SecureRandomNumberGenerator SecureRandomNumberGenerator}(); User user = new User(); user.setPasswordSalt(saltGenerator.nextBytes().toBase64()); userDAO.save(user); 
```
@since 1.1

    }


    public static String issueRandomAPIToken() {
        // we need to see our tokens with a random value so the same one isn't generated
        // for the same user each time.
        RandomNumberGenerator rng = new SecureRandomNumberGenerator();
        Object randomNumber = rng.nextBytes();


        // we also use a user agent as a validation factor
        // so when we later validate the token, we also validate the user agent
        String secret = generateRandomString();
        String salt = secret.concat(randomNumber.toString());

View Full Code Here

    }
    
    @Test
    public void testSaltGenerator() {
    
        RandomNumberGenerator numGen = new SecureRandomNumberGenerator();
        ByteSource src = numGen.nextBytes();
        
        System.err.println(src);
        System.err.println(src.getBytes());
        System.err.println(src.getClass());
    }

View Full Code Here

                    .userRole(UserRole.ADMIN)
                    .build();


            userManager.create(newUser);


            RandomNumberGenerator numberGenerator = new SecureRandomNumberGenerator();
            ByteSource salt = numberGenerator.nextBytes();


            String hashedPassword = new Sha256Hash("haxx", salt, 1024).toBase64();


            Password newPassword = new Password(newUser.getId(), hashedPassword, salt.getBytes());

View Full Code Here

    final List<?> result = query.list();


    if (result.size() == 0)
    {
      final Account account = new Account(username, password, "buddy@waddya.at");
      final RandomNumberGenerator random = new SecureRandomNumberGenerator();


      account.setSalt(random.nextBytes().toBase64());
      account.setPassword(new Sha256Hash(account.getPassword(), account.getSalt(), 1024).toBase64());


      session.save(account);
    }
  }

View Full Code Here

    final Session session = DatabaseUtil.getSessionFactory().getCurrentSession();
    final Account existingAccount = getAccount(session, account.getUsername());


    if (existingAccount == null)
    {
      final RandomNumberGenerator random = new SecureRandomNumberGenerator();
      account.setSalt(random.nextBytes().toBase64());
      account.setPassword(new Sha256Hash(account.getPassword(), account.getSalt(), 1024).toBase64());
    }
    else
    {
      // Don't allow password changes during an account update.

View Full Code Here

    public static boolean exists(User user) {
        return user != null && find.where().eq("admin.id", user.id).findRowCount() > 0;
    }


    public static User updateDefaultSiteAdmin(User user) {
        RandomNumberGenerator rng = new SecureRandomNumberGenerator();
        String passwordSalt = Arrays.toString(rng.nextBytes().getBytes());


        User defaultSiteAdmin = User.findByLoginId(SITEADMIN_DEFAULT_LOGINID);
        defaultSiteAdmin.name = user.name;
        defaultSiteAdmin.email = user.email;
        defaultSiteAdmin.passwordSalt = passwordSalt;

View Full Code Here

            newUserForm.reject("email", "user.email.duplicate");
        }
    }


    private static User createNewUser(User user) {
        RandomNumberGenerator rng = new SecureRandomNumberGenerator();
        user.passwordSalt = rng.nextBytes().toBase64();
        user.password = hashedPassword(user.password, user.passwordSalt);
        User.create(user);
        if (isUseSignUpConfirm()) {
            user.changeState(UserState.LOCKED);
        } else {

View Full Code Here

TOP

Related Classes of org.apache.shiro.crypto.RandomNumberGenerator

com.piercey.app.framework.DatabaseUtil

com.streamreduce.util.SecurityUtil

controllers.UserApp

models.SiteAdmin

se.gu.fire.backend.LoginBean

se.gu.fire.PasswordTest

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.