Hi, Thanks for response, I understand now. I try to describe what I want to do: I try to use a new shiro 2.0 but we want to have a possibility that admin can change a hash algorithm and parameters for this algorithm. Migration between different algorithms will be done via hashing old hash from DB with a new hash algorithm and set some migration flag in DB so that the system will be able tor recognize that this password needs to be migrated. For example when the user tries to login, the system checks if the migration flag is set and uses old hash algorithm a then a new one. If login will be successful we will upgrade hash in DB and also clear the migration flag. Now I implemented lot of necessary steps but there is a last step that needs to be done. I'm not sure how I can set default algorithm and parameter for PasswordService. So when I call passwordService.encryptPassword(..) then the password will be encrypted with hash provider defined in some configuration file. Now all passwords are hashed via argon algorithm. Is there any way how to setup default hash provider and parameters for PasswordService? Or is it something like it was in my first email that I want to use PasswordService in a "wrong" way?
with best regards Jakub On Mon, Oct 16, 2023 at 8:54 PM Benjamin Marwell <[email protected]> wrote: > > Hi Jakub, > > they should not be accessible from anywhere. It possibly slipped > through reviews. > The new hash dependencies are thought to be runtime dependencies. You > should never ever need them in your classpath while compiling, only > while testing and running the actual application. > > Does that help? > > - Ben > > Am Do., 12. Okt. 2023 um 18:57 Uhr schrieb Jakub Herkel <[email protected]>: > > > > One correction, I meant a signature of method fromString was changed from > > Hash fromString(String string); > > to > > public BCryptHash fromString(String string); > > > > Jakub > > > > On Wed, Oct 11, 2023 at 11:48 AM Jakub Herkel <[email protected]> wrote: > > > > > > Hello, > > > > > > I would like to ask if there is a way how to decode hash parameters > > > from a hash string. For example for bcrypt. I know that I can use > > > BCryptProvider and there is a method fromString that returns a > > > BCryptHash class. But the BCryphHash isn't public class. Also > > > BCryptProvider changes a signature of method > > > Hash fromString(String string); > > > to > > > public BCryptHash generate(HashRequest hashRequest) > > > > > > So it exports non accessible class via public method and for example > > > this code cannot be compiled : > > > BCryptProvider fff = new BCryptProvider(); > > > var hash2 = fff.fromString("aaa"); > > > System.out.println(hash2.toString()); > > > > > > Is there any technical reason why the BCryptHash class isn't > > > accessible from anywhere? > > > > > > best regards > > > > > > Jakub Herkel
