nerdErg / grails-shiro

Grails 3 & 4 Shiro plugin

possibility to change AES cipher key for remember me #3

Closed animator013 closed 5 years ago

animator013 commented 5 years ago

Made this simple implementation, please have a look.

The key generation through a script can be done after you implement that JWT realm. I am using a string as the key as it is the most convenient way to type it into the application config.

pmcneil commented 5 years ago

Have been working on this - Looking at some options. Will probably default to setting a random remember me key on startup, which you can override with the config setting.

pmcneil commented 5 years ago

So I have been doing some testing as well as coding this up. It seems the Shiro CookieRememberMeManager generates a random 16-byte key each time on startup... the code is:

```java
public AbstractRememberMeManager() {
    this.serializer = new DefaultSerializer<PrincipalCollection>();
    AesCipherService cipherService = new AesCipherService();
    this.cipherService = cipherService;
    // fresh random key on every construction, i.e. on every application start
    setCipherKey(cipherService.generateNewKey().getEncoded());
}
```

which happens to be exactly what I wrote to set a random key, only I made a 256-bit one.

The AesCipherService uses javax.crypto.KeyGenerator.
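To make the "random key by default, overridable from config" approach discussed in this thread concrete, here is an added example. It is not the plugin's code and not the Shiro source quoted above; the class name, method names and the config property name `security.shiro.rememberMe.cipherKey` are assumptions. `AesCipherService.generateNewKey(int)`, `CookieRememberMeManager.setCipherKey(byte[])` and `javax.crypto.KeyGenerator` are the real Shiro and JDK APIs the comments refer to.

```java
import java.util.Base64;
import javax.crypto.KeyGenerator;
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.web.mgt.CookieRememberMeManager;

/**
 * Added example (not the grails-shiro plugin's own code): wires a
 * CookieRememberMeManager with a key taken from application config or,
 * when none is configured, a fresh random 256-bit key per startup.
 * Class, method and config property names are assumptions.
 */
public class RememberMeKeyConfig {

    // AES accepts 128-, 192- or 256-bit keys; any other length fails at cipher init.
    private static final int[] VALID_KEY_BYTES = {16, 24, 32};

    /**
     * One-off generator for the value to paste into config: 256 random bits
     * from javax.crypto.KeyGenerator (the generator AesCipherService uses
     * underneath), base64-encoded so it survives a YAML/Groovy config file intact.
     */
    public static String generateConfigKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        byte[] raw = kg.generateKey().getEncoded();
        return Base64.getEncoder().encodeToString(raw);
    }

    /**
     * Decodes a configured base64 key and rejects lengths AES cannot use.
     * Using the bytes of a typed passphrase directly would give a key with far
     * less than 128 bits of entropy, so only decoded random bytes are accepted.
     */
    static byte[] decodeConfiguredKey(String base64Key) {
        byte[] key = Base64.getDecoder().decode(base64Key.trim());
        for (int len : VALID_KEY_BYTES) {
            if (key.length == len) {
                return key;
            }
        }
        throw new IllegalArgumentException(
            "rememberMe cipher key must decode to 16, 24 or 32 bytes, got " + key.length);
    }

    /**
     * Builds the manager. With no configured key a random 256-bit key is set,
     * matching Shiro's own constructor behaviour apart from the key size.
     * Remember-me cookies issued before a restart, or by another node in a
     * cluster, then fail to decrypt and the user simply has to log in again.
     */
    public static CookieRememberMeManager buildRememberMeManager(String configuredBase64Key) {
        CookieRememberMeManager manager = new CookieRememberMeManager();
        byte[] key;
        if (configuredBase64Key == null || configuredBase64Key.trim().isEmpty()) {
            key = new AesCipherService().generateNewKey(256).getEncoded();
        } else {
            key = decodeConfiguredKey(configuredBase64Key);
        }
        manager.setCipherKey(key);
        return manager;
    }

    public static void main(String[] args) throws Exception {
        // Paste this value into security.shiro.rememberMe.cipherKey (assumed property name)
        String configValue = generateConfigKey();
        System.out.println("generated key: " + configValue);

        CookieRememberMeManager persistent = buildRememberMeManager(configValue);
        CookieRememberMeManager perRestart = buildRememberMeManager(null);
        System.out.println(persistent.getCipherKey().length + " bytes (configured) / "
            + perRestart.getCipherKey().length + " bytes (random per startup)");
    }
}
```

The split between `generateConfigKey` and `buildRememberMeManager` is the point: the key that lands in config is random bytes, base64-encoded, not a passphrase typed by hand, and the runtime side validates the decoded length instead of letting the cipher fail on first use. Leaving the property empty gives the per-startup random key, which is the safe default for a single node but invalidates all remember-me cookies on every restart and across cluster members. On JDKs older than 8u161, 256-bit AES additionally requires the unlimited-strength crypto policy files to be installed.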

animator013 commented 5 years ago

Yes. That is why I left the default value as null, so shiro generates the key.

pmcneil commented 5 years ago

I have committed my changes, feedback welcome :-)

animator013 commented 5 years ago

Looks good :)