Examples of org.apache.shiro.crypto.SecureRandomNumberGenerator

• org.apache.shiro.crypto.SecureRandomNumberGenerator
  Default implementation of the {@link RandomNumberGenerator RandomNumberGenerator} interface, backed by a{@link SecureRandom SecureRandom} instance.

  This class is a little easier to use than using the JDK's {@code SecureRandom} class directly. It alsoallows for JavaBeans-style of customization, convenient for Shiro's INI configuration or other IoC configuration mechanism. @since 1.1

    public void testSaltedAuthenticationInfo() {
        //use SHA-1 hashing in this test:
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);

        //simulate a user account with a SHA-1 hashed and salted password:
        ByteSource salt = new SecureRandomNumberGenerator().nextBytes();
        Object hashedPassword = new Sha1Hash("password", salt);
        SimpleAuthenticationInfo account = new SimpleAuthenticationInfo("username", hashedPassword, salt, "realmName");

        //simulate a username/password (plaintext) token created in response to a login attempt:
        AuthenticationToken token = new UsernamePasswordToken("username", "password");

    final List<?> result = query.list();

    if (result.size() == 0)
    {
      final Account account = new Account(username, password, "buddy@waddya.at");
      final RandomNumberGenerator random = new SecureRandomNumberGenerator();

      account.setSalt(random.nextBytes().toBase64());
      account.setPassword(new Sha256Hash(account.getPassword(), account.getSalt(), 1024).toBase64());

      session.save(account);
    }
  }

    final Session session = DatabaseUtil.getSessionFactory().getCurrentSession();
    final Account existingAccount = getAccount(session, account.getUsername());

    if (existingAccount == null)
    {
      final RandomNumberGenerator random = new SecureRandomNumberGenerator();
      account.setSalt(random.nextBytes().toBase64());
      account.setPassword(new Sha256Hash(account.getPassword(), account.getSalt(), 1024).toBase64());
    }
    else
    {
      // Don't allow password changes during an account update.

    public static boolean exists(User user) {
        return user != null && find.where().eq("admin.id", user.id).findRowCount() > 0;
    }

    public static User updateDefaultSiteAdmin(User user) {
        RandomNumberGenerator rng = new SecureRandomNumberGenerator();
        String passwordSalt = Arrays.toString(rng.nextBytes().getBytes());

        User defaultSiteAdmin = User.findByLoginId(SITEADMIN_DEFAULT_LOGINID);
        defaultSiteAdmin.name = user.name;
        defaultSiteAdmin.email = user.email;
        defaultSiteAdmin.passwordSalt = passwordSalt;

            newUserForm.reject("email", "user.email.duplicate");
        }
    }

    private static User createNewUser(User user) {
        RandomNumberGenerator rng = new SecureRandomNumberGenerator();
        user.passwordSalt = rng.nextBytes().toBase64();
        user.password = hashedPassword(user.password, user.passwordSalt);
        User.create(user);
        if (isUseSignUpConfirm()) {
            user.changeState(UserState.LOCKED);
        } else {

     * hashCode expire time limit, 1 hour
     */
    public static final int HASH_EXPIRE_TIME_MILLISEC = 3600*1000;

    public static String generateResetHash(String loginId) {
        return new Sha1Hash(loginId, new SecureRandomNumberGenerator().nextBytes(), 1).toHex();
    }