I have a class that extends the ActiveDirectoryRealm in order to perform authentication against Active Directory, my class then uses database tables to support the authorisation of the authenticated subject. What I have found is that calls to the super doGetAuthenticationInfo can return a null in the event of a communication problem with the Active Directory server.
On further investigation, I found that the doGetAuthenticationInfo method in AbstractLdapRealm catches a javax.naming.NamingException and then logs an error message. As the exception has been caught and not propagated, the only way my derived class knows there has been a problem is through checking if the AuthenticationInfo is null - however the original context of the exception has been lost (albeit it was logged).
It would be useful if the naming exception was allowed to propagate up or alternatively caught and a Shiro specific exception thrown - either way, it would allow descendants of ActiveDirectoryRealm to handle the exception and do the appropriate thing themselves.