[SHIRO-540] Allow for authentication strategy to stop checking realms after first success - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: 2.0.0
Component/s: Authorization (access control)
Labels:
None

Description

The current ModularRealmAuthenticator will continue to check all realms for authc. While this is handy in some cases, it is also desirable not continue checking realms after the first successful realm (especially when using an external auth source like LDAP or a DB)

I've worked around this in the past by extending an above authenticator to return after the first success. As well as put a potential solution on this branch: https://github.com/bdemers/shiro/commit/b8a631877fee239413b45dbfc118de2759ab9c75 (however this would need to be updated for 2.0)

Example workaround pre 2.0: https://github.com/sonatype/nexus-oss/blob/master/components/nexus-security/src/main/java/org/sonatype/nexus/security/authc/FirstSuccessfulModularRealmAuthenticator.java

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Mariano Tewel

Votes:: 1 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 27/Aug/15 15:11

Updated:: 06/Mar/23 08:06