-
Classes Class Description org.apache.shiro.authc.credential.Md2CredentialsMatcher since 1.1 - use the HashedCredentialsMatcher directly and set itshashAlgorithmNameproperty.org.apache.shiro.authc.credential.Md5CredentialsMatcher since 1.1 - use the HashedCredentialsMatcher directly and set itshashAlgorithmNameproperty.org.apache.shiro.authc.credential.Sha1CredentialsMatcher since 1.1 - use the HashedCredentialsMatcher directly and set itshashAlgorithmNameproperty.org.apache.shiro.authc.credential.Sha256CredentialsMatcher since 1.1 - use the HashedCredentialsMatcher directly and set itshashAlgorithmNameproperty.org.apache.shiro.authc.credential.Sha384CredentialsMatcher since 1.1 - use the HashedCredentialsMatcher directly and set itshashAlgorithmNameproperty.org.apache.shiro.authc.credential.Sha512CredentialsMatcher since 1.1 - use the HashedCredentialsMatcher directly and set itshashAlgorithmNameproperty.org.apache.shiro.config.IniFactorySupport use Shiro'sEnvironmentmechanisms instead.org.apache.shiro.config.IniSecurityManagerFactory use Shiro'sEnvironmentmechanisms instead.org.apache.shiro.realm.ldap.DefaultLdapContextFactory replaced by theJndiLdapContextFactoryimplementation. This implementation will be removed prior to Shiro 2.0org.apache.shiro.realm.ldap.JndiLdapRealm Renamed toDefaultLdapRealm, this class will be removed prior to 2.0org.apache.shiro.util.JavaEnvironment This class is no longer used in Shiro and will be removed in the next major version.
-
Methods Method Description org.apache.shiro.authc.credential.HashedCredentialsMatcher.getSalt(AuthenticationToken) since Shiro 1.1. Hash salting is now expected to be based on if theAuthenticationInforeturned from theRealmis aSaltedAuthenticationInfoinstance and itsgetCredentialsSalt()method returns a non-null value. This method and the 1.0 behavior still exists for backwards compatibility if theRealmdoes not returnSaltedAuthenticationInfoinstances, but it is highly recommended thatRealmimplementations that support hashed credentials start returningSaltedAuthenticationInfoinstances as soon as possible. This is because salts should always be obtained from the stored account information and never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user are almost impossible to break. This method will be removed in Shiro 2.0.org.apache.shiro.authc.credential.HashedCredentialsMatcher.isHashSalted() since Shiro 1.1. Hash salting is now expected to be based on if theAuthenticationInforeturned from theRealmis aSaltedAuthenticationInfoinstance and itsgetCredentialsSalt()method returns a non-null value. This method and the 1.0 behavior still exists for backwards compatibility if theRealmdoes not returnSaltedAuthenticationInfoinstances, but it is highly recommended thatRealmimplementations that support hashed credentials start returningSaltedAuthenticationInfoinstances as soon as possible. This is because salts should always be obtained from the stored account information and never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user are almost impossible to break. This method will be removed in Shiro 2.0.org.apache.shiro.authc.credential.HashedCredentialsMatcher.setHashSalted(boolean) since Shiro 1.1. Hash salting is now expected to be based on if theAuthenticationInforeturned from theRealmis aSaltedAuthenticationInfoinstance and itsgetCredentialsSalt()method returns a non-null value. This method and the 1.0 behavior still exists for backwards compatibility if theRealmdoes not returnSaltedAuthenticationInfoinstances, but it is highly recommended thatRealmimplementations that support hashed credentials start returningSaltedAuthenticationInfoinstances as soon as possible. This is because salts should always be obtained from the stored account information and never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user are almost impossible to break. This method will be removed in Shiro 2.0.org.apache.shiro.mgt.DefaultSecurityManager.bind(Subject) in favor ofsave(subject).org.apache.shiro.mgt.DefaultSecurityManager.unbind(Subject) in Shiro 1.2 in favor ofDefaultSecurityManager.delete(org.apache.shiro.subject.Subject)org.apache.shiro.mgt.DefaultSubjectFactory.newSubjectInstance(PrincipalCollection, boolean, String, Session, SecurityManager) since 1.2 - overrideDefaultSubjectFactory.createSubject(org.apache.shiro.subject.SubjectContext)directly if you need to instantiate a customSubjectclass.org.apache.shiro.realm.ldap.DefaultLdapContextFactory.getLdapContext(String, String) theDefaultLdapContextFactory.getLdapContext(Object, Object)method should be used in all cases to ensure more than String principals and credentials can be used. Shiro no longer calls this method - it will be removed before the 2.0 release.org.apache.shiro.realm.ldap.DefaultLdapContextFactory.setSearchBase(String) this attribute existed, but was never used in Shiro 1.x. It will be removed prior to Shiro 2.0.org.apache.shiro.realm.ldap.JndiLdapContextFactory.getLdapContext(String, String) theJndiLdapContextFactory.getLdapContext(Object, Object)method should be used in all cases to ensure more than String principals and credentials can be used. Shiro no longer calls this method - it will be removed before the 2.0 release.org.apache.shiro.realm.ldap.LdapContextFactory.getLdapContext(String, String) theLdapContextFactory.getLdapContext(Object, Object)method should be used in all cases to ensure more than String principals and credentials can be used.org.apache.shiro.util.CollectionUtils.isEmpty(PrincipalCollection) Use PrincipalCollection.isEmpty() directly.
-
Constructors Constructor Description org.apache.shiro.UnavailableSecurityManagerException(String, Throwable) This constructor is NOT used by Shiro directly, and will be removed in the future.