Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
security-shiro-1.4.0
-
None
Description
We currently attempt to obtain roles for realms that did not authenticate the token.
Ideally, should only ask for roles from the realms that authenticated the token.
As a workaround, should (as currently) query all realms but then catch and ignore any exceptions thrown by those realms that did not authenticate the token.