Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
A hack to get Apache Shiro to work with Bcrypt.
* @author: Terry Chia (Ayrx)
public class BcryptCredentialsMatcher implements CredentialsMatcher {
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
String password;
String hashed_password;
if(token instanceof UsernamePasswordToken) {
password = toString(((UsernamePasswordToken) token).getPassword());
hashed_password = getCredentials(info);
return BCrypt.checkpw(password, hashed_password);
else {
throw new RuntimeException("You aren't passing in passwords");
private String getCredentials(AuthenticationInfo info) {
Object credentials = info.getCredentials();
return toString(credentials);
private String toString(Object o) {
if (o == null) {
String msg = "Argument for String conversion cannot be null.";
throw new IllegalArgumentException(msg);
if (o instanceof byte[]) {
return toString((byte[]) o);
} else if (o instanceof char[]) {
return new String((char[]) o);
} else if (o instanceof String) {
return (String) o;
} else {
return o.toString();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment