Package org.apache.shiro.crypto.hash
Interface HashService
-
- All Known Subinterfaces:
ConfigurableHashService
- All Known Implementing Classes:
DefaultHashService
public interface HashService
AHashService
hashes input sources utilizing a particular hashing strategy. AHashService
sits at a higher architectural level than Shiro's simpleHash
classes: it allows for salting and iteration-related strategies to be configured and internalized in a single component that can be re-used in multiple places in the application. For example, for the most secure hashes, it is highly recommended to use a randomly generated salt, potentially paired with an configuration-specific private salt, in addition to using multiple hash iterations. While one can do this easily enough using Shiro'sHash
implementations directly, this direct approach could quickly lead to copy-and-paste behavior. For example, consider this logic which might need to repeated in an application:int numHashIterations = ... ByteSource privateSalt = ... ByteSource randomSalt =
In this example, often only the input source will change during runtime, while the hashing strategy (how salts are generated or acquired, how many hash iterations will be performed, etc) usually remain consistent. A HashService internalizes this logic so the above becomes simply this:randomNumberGenerator
.nextBytes(); ByteSource combined = combine(privateSalt, randomSalt); Hash hash = Sha512Hash(source, combined, numHashIterations); save(hash);HashRequest request = new HashRequest.Builder().source(source).build(); Hash result = hashService.hash(request); save(result);
- Since:
- 1.2
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description Hash
computeHash(HashRequest request)
Computes a hash based on the given request.
-
-
-
Method Detail
-
computeHash
Hash computeHash(HashRequest request)
Computes a hash based on the given request.Salt Notice
If a salt accompanies the return value (i.e.returnedHash.
), this same exact salt MUST be presented back to thegetSalt()
!= nullHashService
if hash comparison/verification will be performed at a later time (for example, for password hash or file checksum comparison). For additional security, theHashService
's internal implementation may use more complex salting strategies than what would be achieved by computing aHash
manually. In summary, if aHashService
returns a salt in a returned Hash, it is expected that the same salt will be provided to the sameHashService
instance.- Parameters:
request
- the request to process- Returns:
- the hashed data
- See Also:
Hash.getSalt()
-
-