This is one of those topics that generates opinion on alternatives and improvement, but for our purposes we're going to cover using encrypted passwords in Shiro from the standpoint of simplicity with a reasonable amount of security. The source code can be found in my Bootique Shiro Demo app on GitHub.
The User Data
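First let's look at our User records: UserId, username, email and the hashed password stored as a VARCHAR(255). There is no salt column, just the password in a form that is unrecognizable to everyone. Strictly speaking, Shiro does not encrypt and decrypt it: a SHA-256 hash is one-way, so Shiro hashes the password on creation and, at login, hashes the submitted password and compares the result with the stored value, as you will see. And very simply. One consequence of having no salt is that two users with the same password get the same stored hash.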
Creating a User Password
We'll hash the password in our User Service using Shiro's Sha256Hash(). Notice we then convert it to hex with toHex(). This is very important, because the stored encoding has to match what the realm's credentials matcher expects.
Realm Credentials Matching
For our Realm to correctly authenticate the User against our Sha256Hash value, we have to set its CredentialsMatcher.
Authenticating the User
In our NixmashRealm doGetAuthenticationInfo(token) method, where we retrieve the user on login, we return a Shiro SimpleAuthenticationInfo() carrying the stored hash. The realm's CredentialsMatcher then hashes the clear "password" entered in the UsernamePasswordToken and matches it against our stored hash.
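The three steps above in one runnable class, as an added example that is not code from the Bootique Shiro Demo app. The class name, the realm name string and the sample usernames and passwords are assumptions; it also prints what happens when the matcher's encoding setting does not match the toHex() used at creation.

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Sha256Hash;

// Added illustration: class name, realm name and sample credentials are constructed.
public class ShiroHashFlowExample {

    // Step 1 (user creation): unsalted, single-iteration SHA-256,
    // hex-encoded so it fits the VARCHAR(255) column.
    static String hashForStorage(String clearPassword) {
        return new Sha256Hash(clearPassword).toHex();
    }

    // Step 2 (realm setup): the matcher must use the same algorithm
    // and the same stored encoding as step 1.
    static HashedCredentialsMatcher matcher(boolean storedAsHex) {
        HashedCredentialsMatcher m = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
        m.setStoredCredentialsHexEncoded(storedAsHex);
        return m;
    }

    // Step 3 (login): the comparison a realm runs once
    // doGetAuthenticationInfo has returned the stored hash.
    static boolean login(HashedCredentialsMatcher m, String username,
                         String typedPassword, String storedHash) {
        UsernamePasswordToken token = new UsernamePasswordToken(username, typedPassword);
        AuthenticationInfo info =
                new SimpleAuthenticationInfo(username, storedHash, "exampleRealm");
        return m.doCredentialsMatch(token, info);
    }

    public static void main(String[] args) {
        String stored = hashForStorage("password");
        HashedCredentialsMatcher hex = matcher(true);

        System.out.println("stored value:        " + stored);
        System.out.println("correct password:    " + login(hex, "bob", "password", stored));
        System.out.println("wrong password:      " + login(hex, "bob", "letmein", stored));
        // Matcher told to expect Base64 while the column holds hex.
        System.out.println("encoding mismatch:   " + login(matcher(false), "bob", "password", stored));
        // No salt: a second user with the same password gets the same column value.
        System.out.println("same hash, new user: " + stored.equals(hashForStorage("password")));
    }
}
```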
Source Code Notes for this Post
Source code discussed in this post is found in my Bootique Shiro Demo app on GitHub.