Details
New Feature
Status: Closed
Minor
Resolution: Implemented
Description
I noticed that Shiro behaves differently depending on whether one realm or many realms are in use. I spent time digging into this, and it resulted in a suggestion for a new Shiro class named FirstRealmAuthenticator.
My suggestion for FirstRealmAuthenticator is that it is equal to ModularRealmAuthenticator, except that when it finds the first realm that is used for the token, it handles it in the same way as if it were the only realm and skips all other realms. The benefit of this is speed and similarity.
Here is example code for the method doMultiRealmAuthentication:
    protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) {
        AuthenticationStrategy strategy = getAuthenticationStrategy();
        AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);
        if (log.isTraceEnabled()) {
            log.trace("Iterating through {} realms for PAM authentication", realms.size());
        }
        for (Realm realm : realms) {
            aggregate = strategy.beforeAttempt(realm, token, aggregate);
            if (realm.supports(token)) {
                log.trace("Attempting to authenticate token [{}] using realm [{}]", token, realm);
                // No try/catch here: an exception from the realm propagates to the caller,
                // as it does when only one realm is configured.
                AuthenticationInfo info = realm.getAuthenticationInfo(token);
                aggregate = strategy.afterAttempt(realm, token, info, aggregate, null);
                // Stop at the first realm that supports the token; later realms are never consulted.
                break;
            } else {
                log.debug("Realm [{}] does not support token {}. Skipping realm.", realm, token);
            }
        }
        aggregate = strategy.afterAllAttempts(token, aggregate);
        return aggregate;
    }
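The following is an added example, not code from the issue or from the Shiro project. It illustrates what the `break` means for deployments: realm order becomes decisive, because a user known only to a later realm is no longer tried there once an earlier realm supports the token type. The class `FirstRealmOrderingDemo`, the nested `FirstRealmAuthenticator` subclass, the realm names, accounts and passwords are all constructed for illustration, and the default authentication strategy is assumed.

```java
import java.util.Arrays;
import java.util.Collection;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.pam.AuthenticationStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.SimpleAccountRealm;

public class FirstRealmOrderingDemo {
    // Hypothetical subclass following the proposal (logging omitted).
    static class FirstRealmAuthenticator extends ModularRealmAuthenticator {
        @Override
        protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) {
            AuthenticationStrategy strategy = getAuthenticationStrategy();
            AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);
            for (Realm realm : realms) {
                aggregate = strategy.beforeAttempt(realm, token, aggregate);
                if (realm.supports(token)) {
                    // First supporting realm decides; its exceptions are not caught.
                    AuthenticationInfo info = realm.getAuthenticationInfo(token);
                    aggregate = strategy.afterAttempt(realm, token, info, aggregate, null);
                    break;
                }
            }
            return strategy.afterAllAttempts(token, aggregate);
        }
    }

    static String tryLogin(ModularRealmAuthenticator auth, String user, String password) {
        try {
            AuthenticationInfo info = auth.authenticate(new UsernamePasswordToken(user, password));
            return "accepted by " + info.getPrincipals().getRealmNames();
        } catch (AuthenticationException e) {
            return "rejected: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        // Constructed accounts: both realms support UsernamePasswordToken, but "bob" exists only in the second.
        SimpleAccountRealm staff = new SimpleAccountRealm("staffRealm");
        staff.addAccount("alice", "constructed-pw-1");
        SimpleAccountRealm partners = new SimpleAccountRealm("partnerRealm");
        partners.addAccount("bob", "constructed-pw-2");
        for (ModularRealmAuthenticator auth : Arrays.asList(new ModularRealmAuthenticator(), new FirstRealmAuthenticator())) {
            auth.setRealms(Arrays.<Realm>asList(staff, partners));
            System.out.println(auth.getClass().getSimpleName() + ": bob " + tryLogin(auth, "bob", "constructed-pw-2"));
        }
    }
}
```

When adopting a first-realm authenticator, review the configured realm order and confirm that realms sharing a token type do not hold disjoint user populations.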