Shiro Configuration

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Shiro Configuration

mixtou
I would like to ask if someone could post an example of SHiro configuration
implementing  Hashed Passwords Authentication without extending/implementing
any custom Realm or SaltedAuthentificationInfo??
Is this possible? I haven't found any complete example. In my Project i have
a mysql database and i would like to implement authentication using Hashed
Passwords Saved in database.
My shiro.ini is the following:

[main]
ds = com.mysql.cj.jdbc.MysqlDataSource
ds.serverName = 127.0.0.1
ds.port = 3306
ds.user = histopathUser
ds.password = h1s+0p@+h
ds.databaseName = histopath.gr

jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.dataSource = $ds

jdbcRealm.authenticationQuery = "SELECT password, salt FROM User WHERE email
= ? AND activated = 0"
jdbcRealm.userRolesQuery = "SELECT roleName FROM UserRole WHERE email = ?"
# jdbcRealm.permissionsQuery = "SELECT permission FROM RolesPermissions
WHERE roleName = ?"

authc.usernameParam = email
authc.passwordParam = password
authc.failureKeyAttribute = shiroLoginFailure


hashService = org.apache.shiro.crypto.hash.DefaultHashService
hashService.hashIterations = 1024
hashService.hashAlgorithmName = SHA-256
hashService.generatePublicSalt = false

passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
passwordService.hashService = $hashService

passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService

jdbcRealm.credentialsMatcher = $passwordMatcher

# credentialsMatcher =
org.apache.shiro.authc.credential.Sha256CredentialsMatcher
# credentialsMatcher =
org.apache.shiro.authc.credential.HashedCredentialsMatcher
# credentialsMatcher.hashAlgorithmName = SHA-256
# credentialsMatcher.hashIterations = 1024
# credentialsMatcher.storedCredentialsHexEncoded = false
# jdbcRealm.credentialsMatcher = $credentialsMatcher


jdbcRealm.permissionsLookupEnabled = false

shiro.loginUrl = /authentication/login

cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.sessionIdCookieEnabled = false

# ssl.enabled = false

securityManager.realms = $jdbcRealm

[users]

[roles]

[urls]

/authentication/login = authc
/authentication/logout = logout

/doctors/* = authc

/users/new = anon
/users/details/* = anon
/users/* = authc

/* = anon


My Authentication Login Function is:

    @POST
    @Path("login")
    @Produces(MediaType.TEXT_PLAIN)
    public boolean login(Authentication authData) {
        System.out.println("Param email: " + authData.getEmail());
        System.out.println("Param password: " + authData.getPassword());
        if (!subject.isAuthenticated()) {
            UsernamePasswordToken token = new
UsernamePasswordToken(authData.getEmail(), authData.getPassword());
            try {
                System.out.println("Trying to authenticate with token");
                subject.login(token);
                System.out.println("User [" +
subject.getPrincipal().toString() + "] logged in successfully.");
                return true;
            } catch (UnknownAccountException uae) {
                log.error("Username Not Found!", uae);
                System.out.println("Username Not Found!");
                uae.printStackTrace();
            } catch (IncorrectCredentialsException ice) {
                log.error("Invalid Credentials!", ice);
                System.out.println("Invalid Credentials!");
                ice.printStackTrace();
            } catch (LockedAccountException lae) {
                log.error("Your Account is Locked!", lae);
                System.out.println("Your Account is Locked!");
                lae.printStackTrace();
            } catch (AuthenticationException ae) {
                log.error("Unexpected Error!", ae);
                System.err.println("Unexpected Error!");
                ae.printStackTrace();
            } catch (Exception ex) {
                System.out.println(ex.getMessage());
                ex.printStackTrace();
            }
        } else {
            return true;
        }

        return false;
    }


My Registration Function:

 @POST
    @Path("new")
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    public String create(User requestBody) {

        System.err.println("NEW User");

//        System.out.println("WTF ==== " + requestBody.getBirthday());
//        System.out.println("lalala: " + requestBody.getPermition());

        User user = new User();
        user.setFirstName(requestBody.getFirstName());
        user.setLastName(requestBody.getLastName());
        user.setEmail(requestBody.getEmail());
//        user.setPassword(requestBody.getPassword());

//             Do Something With Salt Per User Random Generation or
Something like it
//================================================================================================================

        RandomNumberGenerator rng = new SecureRandomNumberGenerator();
        String salt = rng.nextBytes().toBase64();
        String hashedPasswordBase64 = new
Sha256Hash(requestBody.getPassword(), salt, 1024).toBase64();
        user.setSalt(salt);
        user.setPassword(hashedPasswordBase64);

        user.setActivated(false);

        boolean result = userDAO.persist(user);
        userDAO.closeEntityManager();

        if (result) {
            return ReturnResults.results(new ArrayList<User>(asList(user)));
        }
        return "{}";
    }

However in login function in subject.login(token) i gets error:

Unexpected Error!
org.apache.shiro.authc.AuthenticationException: There was a SQL error while
authenticating user [[hidden email]]
        at
org.apache.shiro.realm.jdbc.JdbcRealm.doGetAuthenticationInfo(JdbcRealm.java:260)
        at
org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:571)
        at
org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
        at
org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
        at
org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
        at
org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
        at
org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:274)
        at
org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260)
        at
gr.histopath.platform.controllers.authentication.AuthenticationController.login(AuthenticationController.java:45)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at
org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76)
        at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148)
        at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191)
        at
org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:243)
        at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:103)
        at
org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:493)
        at
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:415)
        at
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:104)
        at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:277)
        at org.glassfish.jersey.internal.Errors$1.call(Errors.java:272)
        at org.glassfish.jersey.internal.Errors$1.call(Errors.java:268)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:316)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:298)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:268)
        at
org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:289)
        at
org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:256)
        at
org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:703)
        at
org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:416)
        at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:370)
        at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:389)
        at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:342)
        at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:229)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at
org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
        at
org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
        at
org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
        at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
        at
org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
        at
org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
        at
org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
        at
org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
        at
org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
        at
org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
        at
org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
        at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
        at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
        at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:764)
        at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1388)
        at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.sql.SQLException: Parameter index out of range (1 > number
of parameters, which is 0).
        at
com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:545)
        at
com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:513)
        at
com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:505)
        at
com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:479)
        at
com.mysql.cj.jdbc.PreparedStatement.checkBounds(PreparedStatement.java:3246)
        at
com.mysql.cj.jdbc.PreparedStatement.setInternal(PreparedStatement.java:3230)
        at
com.mysql.cj.jdbc.PreparedStatement.setString(PreparedStatement.java:4025)
        at
org.apache.shiro.realm.jdbc.JdbcRealm.getPasswordForUser(JdbcRealm.java:287)
        at
org.apache.shiro.realm.jdbc.JdbcRealm.doGetAuthenticationInfo(JdbcRealm.java:227)
        ... 70 more

What am i doing wrong??? Please Help
Is it possible to setup hashed passwords authentication in shiro without
implementing custom classes of Realm and SaltedAuthentificationInfo??



--
Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Shiro Configuration

Philip Whitehouse
I had to use a minimal custom realm to set the SaltStyle, but it's not
overly complex.

class OurJdbcRealm extends JdbcRealm {
   setSaltStyle(JdbcRealm.SaltStyle.COLUMN)
   override def supports(token: AuthenticationToken) = {
     true
   }
}

credentialsMatcher =
org.apache.shiro.authc.credential.HashedCredentialsMatcher
credentialsMatcher.hashAlgorithmName = SHA-256
credentialsMatcher.hashIterations = 1024
# This next property is only needed in Shiro 1.0.  Remove it in 1.1 and
later:
credentialsMatcher.hashSalted = true

ourRealm = package.subpackage.OurJdbcRealm
ourRealm.credentialsMatcher = $credentialsMatcher
ourRealm.dataSource = $ds
ourRealm.permissionsQuery = select permission from rolesPermissions
where role_name = ?
ourRealm.userRolesQuery = select role_name from userRoles where username
= ?
ourRealm.authenticationQuery = select password, password_salt from users
where username = ?


CREATE TABLE users (
     username VARCHAR NOT NULL,
     password TEXT NOT NULL,
     password_salt TEXT NOT NULL,
     PRIMARY KEY (username)
)

CREATE TABLE userRoles (
     username VARCHAR NOT NULL,
     role_name VARCHAR NOT NULL
)

CREATE TABLE rolesPermissions (
     role_name VARCHAR NOT NULL,
     permission VARCHAR NOT NULL
)

That said 1024 rounds of SHA-256 isn't best practice any more - should
transition to PKBDF or BCRYPT for new stuff.

-Philip Whitehouse

On 2018-08-02 08:24, mixtou wrote:

> I would like to ask if someone could post an example of SHiro
> configuration
> implementing  Hashed Passwords Authentication without
> extending/implementing
> any custom Realm or SaltedAuthentificationInfo??
> Is this possible? I haven't found any complete example. In my Project i
> have
> a mysql database and i would like to implement authentication using
> Hashed
> Passwords Saved in database.
> My shiro.ini is the following:
>
> [main]
> ds = com.mysql.cj.jdbc.MysqlDataSource
> ds.serverName = 127.0.0.1
> ds.port = 3306
> ds.user = histopathUser
> ds.password = h1s+0p@+h
> ds.databaseName = histopath.gr
>
> jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
> jdbcRealm.dataSource = $ds
>
> jdbcRealm.authenticationQuery = "SELECT password, salt FROM User WHERE
> email
> = ? AND activated = 0"
> jdbcRealm.userRolesQuery = "SELECT roleName FROM UserRole WHERE email =
> ?"
> # jdbcRealm.permissionsQuery = "SELECT permission FROM RolesPermissions
> WHERE roleName = ?"
>
> authc.usernameParam = email
> authc.passwordParam = password
> authc.failureKeyAttribute = shiroLoginFailure
>
>
> hashService = org.apache.shiro.crypto.hash.DefaultHashService
> hashService.hashIterations = 1024
> hashService.hashAlgorithmName = SHA-256
> hashService.generatePublicSalt = false
>
> passwordService =
> org.apache.shiro.authc.credential.DefaultPasswordService
> passwordService.hashService = $hashService
>
> passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
> passwordMatcher.passwordService = $passwordService
>
> jdbcRealm.credentialsMatcher = $passwordMatcher
>
> # credentialsMatcher =
> org.apache.shiro.authc.credential.Sha256CredentialsMatcher
> # credentialsMatcher =
> org.apache.shiro.authc.credential.HashedCredentialsMatcher
> # credentialsMatcher.hashAlgorithmName = SHA-256
> # credentialsMatcher.hashIterations = 1024
> # credentialsMatcher.storedCredentialsHexEncoded = false
> # jdbcRealm.credentialsMatcher = $credentialsMatcher
>
>
> jdbcRealm.permissionsLookupEnabled = false
>
> shiro.loginUrl = /authentication/login
>
> cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
> securityManager.cacheManager = $cacheManager
>
> sessionManager =
> org.apache.shiro.web.session.mgt.DefaultWebSessionManager
> securityManager.sessionManager = $sessionManager
> securityManager.sessionManager.sessionIdCookieEnabled = false
>
> # ssl.enabled = false
>
> securityManager.realms = $jdbcRealm
>
> [users]
>
> [roles]
>
> [urls]
>
> /authentication/login = authc
> /authentication/logout = logout
>
> /doctors/* = authc
>
> /users/new = anon
> /users/details/* = anon
> /users/* = authc
>
> /* = anon
>
>
> My Authentication Login Function is:
>
>     @POST
>     @Path("login")
>     @Produces(MediaType.TEXT_PLAIN)
>     public boolean login(Authentication authData) {
>         System.out.println("Param email: " + authData.getEmail());
>         System.out.println("Param password: " +
> authData.getPassword());
>         if (!subject.isAuthenticated()) {
>             UsernamePasswordToken token = new
> UsernamePasswordToken(authData.getEmail(), authData.getPassword());
>             try {
>                 System.out.println("Trying to authenticate with
> token");
>                 subject.login(token);
>                 System.out.println("User [" +
> subject.getPrincipal().toString() + "] logged in successfully.");
>                 return true;
>             } catch (UnknownAccountException uae) {
>                 log.error("Username Not Found!", uae);
>                 System.out.println("Username Not Found!");
>                 uae.printStackTrace();
>             } catch (IncorrectCredentialsException ice) {
>                 log.error("Invalid Credentials!", ice);
>                 System.out.println("Invalid Credentials!");
>                 ice.printStackTrace();
>             } catch (LockedAccountException lae) {
>                 log.error("Your Account is Locked!", lae);
>                 System.out.println("Your Account is Locked!");
>                 lae.printStackTrace();
>             } catch (AuthenticationException ae) {
>                 log.error("Unexpected Error!", ae);
>                 System.err.println("Unexpected Error!");
>                 ae.printStackTrace();
>             } catch (Exception ex) {
>                 System.out.println(ex.getMessage());
>                 ex.printStackTrace();
>             }
>         } else {
>             return true;
>         }
>
>         return false;
>     }
>
>
> My Registration Function:
>
>  @POST
>     @Path("new")
>     @Consumes(MediaType.APPLICATION_JSON)
>     @Produces(MediaType.APPLICATION_JSON)
>     public String create(User requestBody) {
>
>         System.err.println("NEW User");
>
> //        System.out.println("WTF ==== " + requestBody.getBirthday());
> //        System.out.println("lalala: " + requestBody.getPermition());
>
>         User user = new User();
>         user.setFirstName(requestBody.getFirstName());
>         user.setLastName(requestBody.getLastName());
>         user.setEmail(requestBody.getEmail());
> //        user.setPassword(requestBody.getPassword());
>
> //             Do Something With Salt Per User Random Generation or
> Something like it
> //================================================================================================================
>
>         RandomNumberGenerator rng = new SecureRandomNumberGenerator();
>         String salt = rng.nextBytes().toBase64();
>         String hashedPasswordBase64 = new
> Sha256Hash(requestBody.getPassword(), salt, 1024).toBase64();
>         user.setSalt(salt);
>         user.setPassword(hashedPasswordBase64);
>
>         user.setActivated(false);
>
>         boolean result = userDAO.persist(user);
>         userDAO.closeEntityManager();
>
>         if (result) {
>             return ReturnResults.results(new
> ArrayList<User>(asList(user)));
>         }
>         return "{}";
>     }
>
> However in login function in subject.login(token) i gets error:
>
> Unexpected Error!
> org.apache.shiro.authc.AuthenticationException: There was a SQL error
> while
> authenticating user [[hidden email]]
> at
> org.apache.shiro.realm.jdbc.JdbcRealm.doGetAuthenticationInfo(JdbcRealm.java:260)
> at
> org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:571)
> at
> org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
> at
> org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
> at
> org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
> at
> org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
> at
> org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:274)
> at
> org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260)
> at
> gr.histopath.platform.controllers.authentication.AuthenticationController.login(AuthenticationController.java:45)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:497)
> at
> org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76)
> at
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148)
> at
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191)
> at
> org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:243)
> at
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:103)
> at
> org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:493)
> at
> org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:415)
> at
> org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:104)
> at
> org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:277)
> at org.glassfish.jersey.internal.Errors$1.call(Errors.java:272)
> at org.glassfish.jersey.internal.Errors$1.call(Errors.java:268)
> at org.glassfish.jersey.internal.Errors.process(Errors.java:316)
> at org.glassfish.jersey.internal.Errors.process(Errors.java:298)
> at org.glassfish.jersey.internal.Errors.process(Errors.java:268)
> at
> org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:289)
> at
> org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:256)
> at
> org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:703)
> at
> org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:416)
> at
> org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:370)
> at
> org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:389)
> at
> org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:342)
> at
> org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:229)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at
> org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
> at
> org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
> at
> org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
> at
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
> at
> org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
> at
> org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
> at
> org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
> at
> org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
> at
> org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
> at
> org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
> at
> org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
> at
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
> at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
> at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
> at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:764)
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1388)
> at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.sql.SQLException: Parameter index out of range (1 >
> number
> of parameters, which is 0).
> at
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:545)
> at
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:513)
> at
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:505)
> at
> com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:479)
> at
> com.mysql.cj.jdbc.PreparedStatement.checkBounds(PreparedStatement.java:3246)
> at
> com.mysql.cj.jdbc.PreparedStatement.setInternal(PreparedStatement.java:3230)
> at
> com.mysql.cj.jdbc.PreparedStatement.setString(PreparedStatement.java:4025)
> at
> org.apache.shiro.realm.jdbc.JdbcRealm.getPasswordForUser(JdbcRealm.java:287)
> at
> org.apache.shiro.realm.jdbc.JdbcRealm.doGetAuthenticationInfo(JdbcRealm.java:227)
> ... 70 more
>
> What am i doing wrong??? Please Help
> Is it possible to setup hashed passwords authentication in shiro
> without
> implementing custom classes of Realm and SaltedAuthentificationInfo??
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/